b"\x0c\x0cFEDERAL DEPOSIT INSURANCE CORPORATION\nOFFICE OF INSPECTOR GENERAL\n\nSemiannual Report to the Congress\n\n\n\n\n  title page\n\n\n\n\n                   October\n                       be 1, 2006\n                              00 \xe2\x80\x93 Ma\n                                   March\n                                    a    31,\n                                          1,, 2007\n\x0c\x0c                                          Inspector\n                                          General\xe2\x80\x99s\n                                          Statement\n\n\n\n\nM My office continues to achieve\nsignificant results as we carry out\nthe Office of Inspector General\n(OIG) mission at the Federal Deposit\n                                             District of Florida, a restitution order in\n                                             the aggregate amount of $31.7 million\n                                             was issued. The former Hamilton\n                                             Bank chairman of the board and chief\nInsurance Corporation (FDIC) through         executive officer (CEO) was ordered\naudits, evaluations, investigations,         individually to pay a total of\nand other operational activities. Over       $16.1 million to the FDIC, and\nthe past 6 months, we issued 11              $1.1 million to Twin City Fire Insurance\naudit and evaluation reports with 35         Company. These amounts represent\nnonmonetary recommendations to               restitution of losses suffered as a\nmanagement for enhancements in               result of the bank fraud for which\nsuch areas as the FDIC\xe2\x80\x99s supervision         the former chairman of the board\nof financial institutions\xe2\x80\x99 Office of         and CEO was convicted in May\nForeign Assets Control compliance            2006. As a result of the securities\nprograms, implementation of the              fraud for which he was convicted,\n2005 amendments to the Community             the former chairman of the board\nReinvestment Act regulations,                and CEO was also ordered to pay\nprotection of information in an              $14.5 million in restitution, jointly and\nidentifiable form, information               severally, with his two co-defendants,\ntechnology examination coverage              the former Hamilton president and\nof financial institutions\xe2\x80\x99 oversight of      the former chief financial officer.\ntechnology service providers, and\n                                              The OIG is especially proud of\nthe FDIC\xe2\x80\x99s contract planning and\n                                             Special Agent Gary Sherrill, from our\nmanagement for business continuity.\n                                             Atlanta Office, whose investigative\n  As discussed in more detail in our         efforts were instrumental in the\nreport, we also closed 30 criminal           successful outcome of the Hamilton\ninvestigations, and our investigations       case. Gary\xe2\x80\x99s outstanding work will\nresulted in over $75 million in total        be acknowledged by FDIC Chairman\nfines, restitution, and other potential      Sheila Bair at the Corporation\xe2\x80\x99s\nmonetary recoveries. Of great                annual award ceremony in early May\nsignificance, during the reporting           when he will receive the Chairman\xe2\x80\x99s\nperiod, at the conclusion of one of the      Award for Excellence for his individual\nOIG\xe2\x80\x99s most successful investigations, in     efforts in this case. We are honored\nthe U.S. District Court for the Southern     by the Chairman\xe2\x80\x99s recognition of\n\n                              Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 3\n\x0c Gary\xe2\x80\x99s investigation of a highly                  Inspector General community, and\n complex financial institution fraud               the Government Accountability\n and his efforts to ensure the nation\xe2\x80\x99s            Office. These activities are proving\n banks operate safely and soundly.                 highly beneficial and will continue\n                                                   as we plan for 2008 and 2009.\n   During the reporting period, I\n selected Sara Gibson to serve as                   I am especially grateful to FDIC\n Assistant Inspector General for                   Chairman Bair for her support of\n Investigations. I also announced a                my office over the past months.\n reorganization of the OIG to include              Similarly, FDIC Vice Chairman\n an Office of Evaluations that would               Gruenberg, who also chairs the\n be separate from our Office of Audits.            FDIC Audit Committee, continues to\n The Evaluations group, led by Stephen             endorse the role of the FDIC OIG, as\n Beard, Assistant Inspector General                evidenced by his recent remarks at\n for Evaluations and Management, is                our OIG-wide conference in April.\n undertaking a number of assignments\n                                                     In closing, I underscore the theme\n designed to provide independent,\n                                                   of that recent OIG conference\xe2\x80\x94\n objective information to facilitate FDIC\n                                                   Change, Challenge, Choices.The\n management decision-making and\n                                                   OIG has experienced significant\n improve operations. The group has\n                                                   changes over the past months and,\n already completed several successful\n                                                   like everyone at the FDIC, is attuned\n engagements. We have also continued\n                                                   to changes and emerging risks in\n implementing a number of internal\n                                                   the financial services industry and\n OIG initiatives to build and sustain a\n                                                   the regulatory arena everyday. These\n high-quality OIG work environment.\n                                                   changes pose challenges to us all.\n In that connection, over the past\n                                                   Our choice is and will continue\n 6 months we have initiated many\n                                                   to be to approach the challenges\n projects to promote professional\n                                                   with a positive attitude of service\n training and development of our staff.\n                                                   to the Corporation and the public\n We have also engaged in a number\n                                                   interest. We are honored to do so.\n of stakeholder outreach efforts to\n maintain mutually beneficial working\n relationships with the Congress,\n corporate officials, others in the                Jon T. Rymer\n                                                   Inspector General\n                                                   April 30, 2007\n\n4 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                                 Table of Contents\n\n\n\n\nIG\n Inspector General\xe2\x80\x99s Statement.................................................................... 3\n Highlights and Outcomes ........................................................................... 7\n Strategic Goal Areas\n Supervision: Assist the FDIC to Ensure the Nation\xe2\x80\x99s\n              Banks Operate Safely and Soundly .......................................... 11\n Insurance: Help the FDIC Maintain the Viability of the\n            Insurance Fund ......................................................................... 31\n Consumer Protection: Assist the FDIC to Protect Consumer Rights\n                      and Ensure Customer Data Security and Privacy......... 33\n Receivership Management: Help Ensure that the FDIC is Ready\n                          to Resolve Failed Banks and Effectively\n                          Manages Receiverships ................................... 39\n Resources Management: Promote Sound Governance and Effective\n                       Stewardship and Security of Human, Financial,\n                       Information Technology, and Physical Resources .... 43\n OIG Internal Processes: Build and Sustain a High-Quality\n                         OIG Work Environment ........................................ 51\n Reporting Requirements ............................................................................ 58\n Information Required by the Inspector General Act of 1978, as amended .... 59\n Abbreviations and Acronyms ...................................................................... 6\n\n\n\n\n                                      Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 5\n\x0c Abbreviations and\n Acronyms\n\n\n\n\n   BCP          Business Continuity Plan\n   BSA          Bank Secrecy Act\n   CEO          chief executive officer\n   CRA          Community Reinvestment Act\n   DIT          Division of Information Technology\n   DRR          Division of Resolutions and Receiverships\n   DSC          Division of Supervision and Consumer Protection\n   ECU          Electronic Crimes Unit\n   FBI          Federal Bureau of Investigation\n   FDIC         Federal Deposit Insurance Corporation\n   FEDSIM       Federal Systems Integration Management Center\n   GSA          General Services Administration\n   IIF          information in an identifiable form\n   ILC          industrial loan company\n   ISB          intermediate small bank\n   ISC          infrastructure services contract\n   IT           Information Technology\n   IT-RMP       Information Technology-Risk Management Program\n   OA           Office of Audits\n   OCC          Office of the Comptroller of the Currency\n   OE           Office of Evaluations\n   OERM         Office of Enterprise Risk Management\n   OFAC         Office of Foreign Assets Control\n   OI           Office of Investigations\n   OIG          Office of Inspector General\n   PCIE         President\xe2\x80\x99s Council on Integrity and Efficiency\n   SRA          SRA International, Inc.\n   TSP          technology service provider\n\n\n\n\n6 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                            Highlights and\n                                            Outcomes\n\n\n\n\nT The OIG\xe2\x80\x99s 2007 Business Plan\ncontains five strategic goals that are\nclosely linked to the FDIC\xe2\x80\x99s mission,\nprograms, and activities, and one\n                                               strengthen the supervisory approach\n                                               for ensuring financial institution\n                                               compliance with Office of Foreign\n                                               Assets Control compliance programs.\nthat focuses on the OIG\xe2\x80\x99s internal\n                                                 With respect to investigative work,\nbusiness and management processes.\n                                               as a result of cooperative efforts with\nThese highlights show our progress\n                                               U.S. Attorneys throughout the country,\nin meeting these goals during the\n                                               numerous individuals were prosecuted\nreporting period. A more in-depth\n                                               for financial institution fraud, and we\ndiscussion of OIG audits, evaluations,\n                                               achieved successful results in combating\ninvestigations, and other activities\n                                               a number of emerging mortgage\nin pursuit of these goals follows.\n                                               fraud schemes. Particularly noteworthy\n                                               results include a restitution order in the\nStrategic Goal 1                               aggregate amount of $31.7 million\nSupervision: Assist the FDIC                   that was issued in connection with our\nto Ensure the Nation\xe2\x80\x99s Banks                   investigation of Hamilton Bank and\nOperate Safely and Soundly                     bank fraud on the part of former bank\n  Our work in helping to ensure                officers. The restitution was ordered\nthat the nation\xe2\x80\x99s banks operate                on the former chairman of the board\nsafely and soundly takes the form of           and chief executive officer, and his\naudits, investigations, evaluations,           co-defendants, the former president\nand extensive communication and                and the former chief financial officer of\ncoordination with FDIC divisions and           the failed bank. In another significant\noffices, law enforcement agencies,             case, in the U.S. District Court for\nother financial regulatory OIGs, and           the District of Colorado, the former\nbanking industry officials. During             BestBank owner and chief executive\nthe reporting period, in audit reports         officer and chairman of the board of\nissued, we made recommendations                directors, the former president and\nto enhance protection from risks               director, and the former chief financial\nassociated with e-banking, ensure that         officer were found guilty of 15 felony\nexaminations adequately consider the           counts of fraud and conspiracy related\nreliability of appraisals and sufficiency      to BestBank\xe2\x80\x99s $248 million failure\nof insurance coverage when evaluating          in 1998. (See pages 11-30.)\nan institution\xe2\x80\x99s lending activities, and\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 7\n\x0c Strategic Goal 2                                  of financial institutions\xe2\x80\x99 oversight of\n Insurance: Help the FDIC                          technology service providers and\n Maintain the Viability of the                     made recommendations to help in\n                                                   protecting customers from identity\n Insurance Fund\n                                                   theft and institutions from fraud and\n   Ongoing audit work related to the               reputational and other risks associated\n FDIC\xe2\x80\x99s dedicated examiner program                 with unauthorized access to or use\n will help ensure that the Corporation\xe2\x80\x99s           of customer information. As a result\n Dedicated Examiner Program is                     of audit work related to amendments\n contributing to the FDIC\xe2\x80\x99s efforts to             to Community Reinvestment Act\n assess and quantify the risks posed               regulations, we suggested strengthened\n by large institutions to the Deposit              examiner guidance for implementing\n Insurance Fund. Given that the FDIC               and reporting on community\n is not generally the primary federal              development tests and development\n regulator for the largest financial               of a strategy for measuring the impact\n institutions, this program has placed             of amendments to the regulations.\n dedicated examiners in the six largest            From an investigative standpoint, our\n insured depository institutions to                Electronic Crimes Unit responded to\n work in cooperation with primary                  phishing schemes where the FDIC\n supervisors and bank personnel to                 and OIG Web sites were misused to\n obtain real-time access to information            entice consumers to divulge personal\n about the risk and trends in those                information and successfully shut\n institutions. (See pages 31-32.)                  down several Web sites used for such\n                                                   purposes. The Electronic Crimes Unit\n Strategic Goal 3                                  was also successful in deactivating\n Consumer Protection: Assist the                   Web sites and/or fax numbers involving\n FDIC to Protect Consumer Rights                   fraudulent claims of FDIC insurance\n and Ensure Customer Data                          or affiliation. (See pages 33-38.)\n Security and Privacy\n   Audits and investigations\n contributed to the FDIC\xe2\x80\x99s protection\n of consumers in several ways. We\n issued a report on information\n technology (IT) examination coverage\n\n8 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cStrategic Goal 4                              Strategic Goal 5\nReceivership Management:                      Resources Management:\nHelp Ensure that the FDIC                     Promote Sound Governance\nis Ready to Resolve Failed                    and Effective Stewardship and\nBanks and Effectively Manages                 Security of Human, Financial, IT,\nReceiverships                                 and Physical Resources\n  We gained a better understanding              We issued several audit and\nof the implications of a large bank           evaluation reports in this goal area\nfailure through monitoring of a large         and made recommendations to\nbank resolution scenario. We also             strengthen contract planning and\nbegan an assignment to evaluate the           management for business continuity,\ndesign and implementation of selected         ensure appropriate use of information\ncontrols established by the Division          in an identifiable form and enhanced\nof Resolutions and Receiverships              protection of sensitive FDIC data,\nto safeguard sensitive information            strengthen contract administration and\ncollected and maintained in electronic        oversight of IT support services for the\nform in resolution and receivership           Corporation, and improve information\nactivities at FDIC-insured institutions.      security controls. We reported on\nWe continued to pursue concealment            the FDIC\xe2\x80\x99s succession planning\nof assets investigations related to the       efforts. We also promote integrity\nmore than $1.7 billion in criminal            in FDIC internal operations through\nrestitution that the FDIC is owed. In         ongoing OIG Hotline referrals,\nconnection with one such case worked          investigations of employee cases,\nin conjunction with the FDIC Legal            and coordination with the FDIC\xe2\x80\x99s\nDivision, during the reporting period         Ethics Office. (See pages 43-50.)\nthe former chief executive officer of\nSunbelt Savings and Loan, Dallas,             Strategic Goal 6\nTexas, was sentenced to 97 months             OIG Internal Processes: Build\nof incarceration and ordered to pay a         and Sustain a High-Quality OIG\ncriminal forfeiture of more than              Work Environment\n$2 million to the U.S. government and\nrestitution of more than $300,000              We focused increased attention on\nto the FDIC. (See pages 39-42.)               a number of activities in this goal\n                                              area during the past 6 months. We\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 9\n\x0c  encouraged individual growth through           Significant Outcomes\n  professional development by way                (October 2006 - March 2007)\n  of initiatives such as training and\n                                                  Audit and Evaluation Reports Issued                                    11\n  development and career development\n  plans for OIG staff and expanding               Nonmonetary Recommendations                                            35\n\n  the OIG mentoring program. We                   Investigations Opened                                                  32\n  also strengthened human capital                 Investigations Closed                                                  30\n  management and leadership                       OIG Subpoenas Issued                                                   25\n  development by developing end-of-               Judicial Actions:\n  assignment feedback mechanisms\n                                                  Indictments/Informations                                               18\n  for staff, incorporating leadership\n                                                  Convictions                                                            26\n  training in training and development\n  plans, and updating the OIG\xe2\x80\x99s                   OIG Investigations Resulted in:\n  business continuity and emergency               Fines of                                                             $675\n  preparedness plans and procedures.              Restitution of                                                 $70,062,511\n  Our office continued to foster positive         Asset Forfeiture of                                             $5,500,000\n  stakeholder relationships by way of             Total                                                         $75,563,186\n  OIG executives meetings with FDIC\n                                                  Cases Referred to the Department of Justice (U.S. Attorney)            27\n  executives; presentations at Audit\n  Committee meetings; congressional               Cases Referred to FDIC Management                                       2\n  interaction; coordination with financial        OIG Cases Conducted Jointly with Other Agencies                       111\n  regulatory OIGs, other members of               Hotline Allegations Referred                                           79\n  the Inspector General community,                Proposed Regulations and Legislation Reviewed                           3\n  other law enforcement officials, and\n                                                  Proposed FDIC Policies Reviewed                                        21\n  the Government Accountability Office.\n  New members of the OIG Employee                 Responses to Requests and Appeals under                                 4\n                                                  the Freedom of Information Act\n  Advisory Group took office, and we\n  maintained and updated the OIG\n  Web site to provide easily accessible             effective and secure IT, we continued\n  information to parties interested in our          to coordinate closely with the FDIC\xe2\x80\x99s\n  office and the results of our work.               Division of Information Technology.\n                                                    We are also taking steps to identify\n    We conducted internal quality                   and evaluate options and requirements\n  reviews of Office of Audits assignments           needed to streamline, enhance, and\n  and various Office of Investigations              improve collection and reporting of\n  operational components and began                  information to manage OIG audits\n  work to revise audit policies and                 and evaluations. We implemented\n  procedures to address changes in                  upgrades to the OIG\xe2\x80\x99s training system\n  the 2007 revision to Government                   and updated the OIG\xe2\x80\x99s internal\n  Auditing Standards, process changes               Business Plan 2007 Dashboard to\n  resulting from an internal assignment             capture progress on achievement\n  management review, and external                   of strategic and performance\n  peer review results. To ensure cost-              goals. (See pages 51-56.)\n10 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                            Strategic Goal 1:\n                                            Supervision: Assist\n                                            the FDIC to Ensure\n                                            the Nation\xe2\x80\x99s Banks\n                                            Operate Safely and\n                                            Soundly\n\n\n\n\nB Bank supervision is fundamental to\nthe FDIC\xe2\x80\x99s efforts to ensure stability\nand public confidence in the nation\xe2\x80\x99s\nfinancial system. As of December\n                                               regulator for a number of ILCs,\n                                               which are limited-charter depository\n                                               institutions. ILCs may be owned by\n                                               commercial firms, and these parents\n31, 2006, the FDIC was the primary             may not be subject to consolidated\nfederal regulator for 5,220 FDIC-              supervision by a federal banking\ninsured, state-chartered institutions          regulator. As of September 30, 2006,\nthat were not members of the Federal           there were 58 operating ILCs with\nReserve System (generally referred to          aggregate total assets of $177 billion.\nas \xe2\x80\x9cstate non-member\xe2\x80\x9d institutions).           The FDIC must establish and maintain\nThe Department of the Treasury (the            effective controls in its processes for\nOffice of the Comptroller of the               granting insurance to, supervising,\nCurrency and the Office of Thrift              and examining ILCs, taking into\nSupervision) or the Federal Reserve            consideration the relationship between\nBoard supervise other banks and                the ILC and its parent company and the\nthrifts, depending on the institution\xe2\x80\x99s        effect of such a relationship on the ILC.\ncharter. While the number of institutions      This is especially important when the\nwhere the FDIC is the primary federal          ILC\xe2\x80\x99s parent company is not subject to\nsupervisor showed a steady decline             the scope of consolidated supervision,\nover the past 4 years, the dollar value        consolidated capital requirements,\nof assets held by those institutions           or enforcement actions imposed\nshowed a steady increase during the            on parent organizations subject to\nsame period. The Corporation also              the Bank Holding Company Act.\nhas back-up examination authority\n                                                 In recent years, the banking industry\nto protect the interests of the deposit\n                                               has been marked by consolidation,\ninsurance fund for more than 3,473\n                                               globalization, and the development\n(as of December 31, 2006) national\n                                               of increasingly complex investment\nbanks, state-chartered banks that\n                                               strategies available to banks. Bank\nare members of the Federal Reserve\n                                               regulators, both domestically and\nSystem, and savings associations.\n                                               internationally, have devised new\n  Another important aspect of the              standards for bank capital requirements\nFDIC\xe2\x80\x99s supervisory responsibilities            commonly referred to as Basel IA\nrelates to industrial loan companies           and Basel II. The FDIC and the other\n(ILCs). The FDIC is the primary federal        bank regulators continue to assess\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 11\n\x0c  the potential impact of new standards               Part of the FDIC\xe2\x80\x99s overall responsibility\n  on bank safety and soundness.                     and authority to examine banks\n                                                    for safety and soundness is the\n    The FDIC has adopted a risk-focused\n                                                    responsibility for examining state-\n  approach to examining financial\n                                                    chartered non-member financial\n  institutions to minimize regulatory\n                                                    institutions for compliance with the\n  burden and direct its resources to those\n                                                    Bank Secrecy Act (BSA). The BSA\n  areas that carry the greatest potential\n                                                    requires financial institutions to\n  risk. The FDIC must also ensure that\n                                                    keep records and file reports on\n  financial institutions have adequate\n                                                    certain financial transactions. FDIC-\n  corporate governance structures\n                                                    supervised institutions must establish\n  relative to the bank\xe2\x80\x99s size, complexity,\n                                                    and maintain procedures to assure\n  and risk profile to prevent financial\n                                                    and monitor compliance with BSA\n  losses and maintain confidence in\n                                                    requirements. An institution\xe2\x80\x99s level of\n  those entrusted with operating the\n                                                    risk for potential money laundering\n  institutions. The FDIC\xe2\x80\x99s follow-up\n                                                    determines the necessary scope of the\n  processes must be effective to ensure\n                                                    BSA examination. In a related vein,\n  institutions are promptly complying with\n                                                    the U.S. Department of the Treasury\xe2\x80\x99s\n  supervisory actions that arise as a result\n                                                    Office of Foreign Assets Control\n  of the FDIC\xe2\x80\x99s examination process.\n                                                    (OFAC) promulgates, develops, and\n    The Corporation is also faced with              administers economic and trade\n  developing and implementing programs              sanctions such as trade embargoes,\n  to minimize the extent to which the               blocked assets controls, and other\n  institutions it supervises are involved in        commercial and financial restrictions\n  or the victims of financial crimes and            under the provisions of various laws.\n  other abuse. Increased reliance by both           Generally OFAC regulations prohibit\n  financial institutions and non-financial          financial institutions from engaging in\n  institution lenders on third-party brokers        transactions with the governments of, or\n  has also increased opportunities for              individuals or entities associated with,\n  increased real-estate frauds, including           foreign countries against which federal\n  property flipping and other mortgage              law imposes economic sanctions.\n  frauds. Examiners must be alert to                Sanctions can also be used against\n  the possibility of such fraudulent                international drug traffickers, terrorists,\n  activity in financial institutions\xe2\x80\x94it is          or foreign terrorist organizations,\n  purposeful and often hard to detect.              regardless of national affiliation.\n\n12 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c  In its role as supervisor, the FDIC           \xe2\x80\xa2 Protect and ensure the\nalso analyzes data security threats,              effectiveness and efficiency of the\noccurrences of bank security breaches,            FDIC\xe2\x80\x99s Supervision Program, and\nand incidents of electronic crime that\n                                                \xe2\x80\xa2 Assist FDIC efforts to detect\ninvolve financial institutions. Misuse\n                                                  and prevent BSA violations,\nand misappropriation of personal\n                                                  money laundering, terrorist\ninformation are emerging as major\n                                                  financing, fraud, and other financial\ndevelopments in financial crime.\n                                                  crimes in FDIC-insured institutions.\nDespite generally strong controls and\npractices by financial institutions,           OIG Work in Support of Goal 1\nmethods for stealing personal data               The OIG\xe2\x80\x99s Office of Audits issued\nand committing fraud with that                 three reports in the Supervision area\ndata are continuously evolving.                in furtherance of our safety and\n  The OIG\xe2\x80\x99s role under this strategic          soundness-related goal during the\ngoal is conducting audits and                  reporting period, as discussed below.\nevaluations that review the effectiveness      Division of Supervision\nof various FDIC programs and                   and Consumer Protection\xe2\x80\x99s\nexamination processes aimed at                 Information Technology-Risk\nproviding continued stability to               Management Program\nthe nation\xe2\x80\x99s banks. Another major\nmeans of achieving this goal is                  Interagency guidelines require\nthrough investigations of fraud at             financial institutions to implement a\nFDIC-supervised institutions; fraud            comprehensive written information\nby bank officers, directors, or other          security program. To ensure that\ninsiders; fraud leading to the failure         FDIC-supervised financial institutions\nof an institution; fraud impacting             implement adequate information\nmultiple institutions; and fraud               security program controls, the\ninvolving monetary losses that could           Corporation conducts periodic\nsignificantly impact the institution.          onsite information technology (IT)\n                                               examinations and, in August 2005,\n  To assist the FDIC to ensure                 the Division of Supervision and\nthe nation\xe2\x80\x99s banks operate safely              Consumer Protection (DSC) established\nand soundly, the OIG\xe2\x80\x99s 2007                    the Information Technology-Risk\nperformance goals are as follows:              Management Program (IT-RMP). IT-RMP\n                                               replaced the broad-based technology\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 13\n\x0c  and control reviews conducted under               methodology examiners should use\n  the former IT examination program.                in deriving the IT composite rating for\n                                                    a financial institution. Such clarified\n    During the reporting period, we\n                                                    guidance would increase assurance\n  conducted an audit to determine\n                                                    that IT ratings accurately and\n  whether the FDIC has established and\n                                                    consistently reflect the effectiveness\n  implemented adequate procedures\n                                                    of an institution\xe2\x80\x99s IT risk management\n  for addressing IT security risks at\n                                                    practices and the adequacy of its\n  FDIC-supervised institutions that\n                                                    information security program.\n  offer electronic banking products\n  and services. We focused this                       We made seven recommendations\n  review on the IT-RMP and DSC\xe2\x80\x99s                    to enhance the tools and guidance\n  examiner training framework in                    under the IT-RMP methodology\n  relationship to the new program.                  and the IT training programs. FDIC\n                                                    management generally agreed\n    We reported that DSC has established\n                                                    with our recommendations and is\n  procedures within the IT-RMP for\n                                                    taking responsive action to review\n  addressing IT security risks at FDIC-\n                                                    DSC\xe2\x80\x99s tools, guidance, and training\n  supervised financial institutions.\n                                                    programs as part of an evaluation\n  These procedures address most of\n                                                    of the first year of performance\n  the information security requirements\n                                                    under the IT-RMP program.\n  contained in interagency guidance.\n  Our review of 12 IT examinations                  FDIC\xe2\x80\x99s Supervision of Financial\n  found that examiners generally followed           Institutions\xe2\x80\x99 Compliance with\n  the procedures outlined in the IT-RMP.            Office of Foreign Assets Control\n  We also noted that improvements                   Compliance Programs\n  to the IT-RMP program would help\n                                                     During the reporting period, we\n  to ensure adequate and consistent\n                                                    conducted an audit to determine\n  implementation of the IT-RMP and\n                                                    whether the FDIC\xe2\x80\x99s DSC provides\n  related examination procedures.\n                                                    effective supervision of compliance\n    Specifically, DSC could revise certain          with OFAC regulations by FDIC-\n  IT-RMP tools to assist examiners in               supervised institutions.\n  more effectively identifying relevant\n                                                     We determined that the FDIC\xe2\x80\x99s\n  IT security risks to be assessed.\n                                                    supervisory approach to OFAC\n  Additionally, updated IT-RMP guidance\n                                                    compliance includes examinations\n  could more clearly address the\n14 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cof controls established and                 financial institution OFAC sanctions\nimplemented by FDIC-supervised              violations, compliance program\nfinancial institutions to ensure            deficiencies, and OFAC-related\ncompliance with OFAC regulations.           enforcement actions; and issuing\nFor the examinations we reviewed,           additional guidance to examiners to\nFDIC examiners generally followed           ensure consistent and comprehensive\ninteragency guidelines in assessing         documentation of OFAC compliance to\nthe appropriateness of implemented          better assist the FDIC and subsequent\ncontrols and whether those controls         examination teams in ensuring\nwere commensurate with the financial        financial institution compliance with\ninstitutions\xe2\x80\x99 specific product lines,       OFAC laws and regulations. DSC\ncustomer base, nature of transactions,      management concurred with two of\nand identification of high-risk             our four recommendations in this\nareas. In addition, the FDIC has            regard and agreed with the intent of\ntaken important steps to address            the remaining two recommendations.\ninstitutions\xe2\x80\x99 OFAC compliance, such         Management\xe2\x80\x99s comments were\nas participating in developing and          responsive to all recommendations.\nissuing interagency guidance for\n                                              We also identified a matter for\nexaminers and banking organizations,\n                                            congressional consideration regarding\nincluding notifications on updates\n                                            examination and enforcement\nto OFAC\xe2\x80\x99s Specially Designated\n                                            authorities associated with institution\nNationals and Blocked Entities list;\n                                            compliance with OFAC regulations.\nconducting OFAC-related training and\n                                            Specifically, a more comprehensive\noutreach activities for examiners and\n                                            statutory and regulatory framework\nthe banking industry; issuing BSA-\n                                            exists for the examination and\nrelated cease and desist orders that\n                                            enforcement of BSA compliance and\nincluded OFAC-related provisions; and\n                                            the establishment of BSA compliance\nsigning an interagency Memorandum\n                                            programs than for OFAC compliance,\nof Understanding, which governs\n                                            although both BSA and OFAC\ninformation-sharing between the\n                                            requirements address national security\nFederal Banking Agencies and OFAC.\n                                            and law enforcement concerns.\n  We noted that DSC could enhance\nits supervisory approach to OFAC\ncompliance by monitoring and tracking\n\n                             Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 15\n\x0c  Examination Assessment of                         examination documentation that\n  the Reliability of Appraisals                     examiners had specifically considered\n  and Sufficiency of Insurance                      the reliability of appraisals as part of\n  Coverage for Real Estate Lending                  an institution\xe2\x80\x99s real estate appraisal\n                                                    program. As a result, there was\n   Another of our audits during the\n                                                    inadequate assurance that these\n  reporting period was designed to\n                                                    institutions were complying with the\n  determine whether FDIC examiners\n                                                    minimum appraisal standards in the\n  adequately consider the reliability of\n                                                    FDIC Rules and Regulations designed\n  appraisals and sufficiency of insurance\n                                                    to ensure the reliability of appraisals.\n  coverage for collateral as part of an\n  assessment of an institution\xe2\x80\x99s lending              Overall, the examinations we\n  policies, procedures, and practices               reviewed adequately considered the\n  related to real estate loans. This                sufficiency of property insurance and\n  audit focused primarily on institution            flood insurance coverage for collateral\n  and examination guidance.                         on real estate loans; however, we\n                                                    identified one area of concern. This\n    We found that the FDIC\xe2\x80\x99s guidance\n                                                    area relates to ensuring that institutions\n  to institutions and examiners on the\n                                                    have adequate controls to avoid\n  reliability of appraisals and sufficiency\n                                                    flood insurance lapses in cases where\n  of property and flood insurance\n                                                    escrowing is not performed. Both\n  for real estate loans was generally\n                                                    the borrowers and the institutions\n  adequate. As for the application of\n                                                    are exposed to a greater risk of an\n  existing examination guidance, based\n                                                    uninsured loss from flooding during\n  on a limited sample of 11 institutions,\n                                                    a period of lapsed insurance.\n  we found that examiners had reviewed\n  appraisal information as part of their              Finally, we learned that a lapse in\n  assessment of a financial institution\xe2\x80\x99s           flood insurance coverage can occur in\n  residential real estate lending and               situations where a financial institution\n  loan portfolio management. We                     that is not escrowing for flood\n  also found that examiners had                     insurance premiums must purchase\n  considered the sufficiency of property            flood insurance because a borrower\n  and flood insurance for the 11                    has not maintained such coverage.\n  examinations. However, for 6 of                   This lapse can occur because the\n  the 11 examinations we reviewed,                  required 45-day waiting period\n  we found limited evidence in the                  under the Flood Disaster Protection\n\n16 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cAct\xe2\x80\x94after which a financial institution       with weakened credit histories\nis required to purchase flood insurance       typically characterized by payment\non behalf of the borrower\xe2\x80\x94is longer           delinquencies, previous charge-offs,\nthan the 30-day grace period, as set          judgments, or bankruptcies. Over\nforth in National Flood Insurance             the years, subprime lending volumes\nProgram guidelines, during which              have increased significantly. In July\ninsurance coverage remains in effect          2001, federal banking regulatory\nafter expiration. Thus, the borrower          agencies issued expanded examination\nand financial institution may have            guidance on subprime lending. Our\nno flood insurance coverage for 15            approach to auditing this area is to\ndays or more until the institution is         look at subprime practices related\nable to purchase flood insurance on           to specific business lines, namely\nbehalf of the borrower. We provided           mortgages, credit cards, and\nthis information to assist the Congress       automobile loans. Our first focus is\nin considering whether legislative            on subprime credit card banks.\naction regarding flood insurance\n                                                Another significant assignment in this\nwould help reduce the risk associated\n                                              area relates to implementation of the\nwith flood insurance policy lapses.\n                                              USA Patriot Act. We are conducting\n  Our report recommended that                 audit work to determine whether\nDSC enhance guidance related                  examination procedures are designed\nto (1) examiners ensuring the                 to evaluate institution compliance\nreliability of appraisals and (2)             with the anti-money laundering and\ninstitutions addressing the need for          terrorist financing provisions of the\nadequate controls to avoid lapses             Act and whether those procedures are\nin flood insurance coverage. DSC              fully and consistently implemented\nmanagement concurred with the                 to provide reasonable assurance\nfindings and recommendations.                 that institutions with weak programs\nOngoing Audit Work                            for detecting money laundering\n                                              and terrorist financing activity\n  The OIG\xe2\x80\x99s ongoing work in this              will be identified and appropriate\nstrategic goal area includes a                corrective measures imposed.\nreview of the FDIC\xe2\x80\x99s oversight of\nsubprime lending at FDIC-supervised\ninstitutions. Subprime lending refers\nto programs that target borrowers\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 17\n\x0c  Successful OIG Investigations                     $31.7 million was issued in the\n  Uncover Financial                                 Hamilton Bank (Hamilton) case. The\n  Institution Fraud                                 former Hamilton chairman of the\n                                                    board and chief executive officer was\n    The OIG\xe2\x80\x99s Office of Investigations\xe2\x80\x99\n                                                    ordered individually to pay a total of\n  work focuses largely on fraud\n                                                    $16.1 million to the FDIC, and $1.1\n  that occurs at or impacts financial\n                                                    million to Twin City Fire Insurance\n  institutions. The perpetrators\n                                                    Company (Twin City). These amounts\n  of such crimes can be those\n                                                    represent restitution of losses suffered\n  very individuals entrusted with\n                                                    as a result of the bank fraud for which\n  governance responsibilities at the\n                                                    the former chairman of the board\n  institutions\xe2\x80\x94directors and bank\n                                                    was convicted in May 2006. The\n  officers. In other cases, individuals\n                                                    restitution to Twin City will reimburse\n  providing professional services to\n                                                    the company for money previously\n  the banks, others working inside the\n                                                    paid to the FDIC pursuant to a civil\n  bank, and customers themselves are\n                                                    settlement following Hamilton\xe2\x80\x99s failure.\n  principals in fraudulent schemes.\n                                                      As a result of the securities fraud\n    The following cases from the\n                                                    for which he was convicted, the\n  reporting period are illustrative\n                                                    former chairman of the board was\n  of some of the OIG\xe2\x80\x99s success in\n                                                    also ordered to pay $14.5 million\n  pursuing strategic goal 1 during\n                                                    in restitution, jointly and severally,\n  the reporting period. These cases\n                                                    with his two co-defendants, the\n  reflect the cooperative efforts of\n                                                    former Hamilton president and the\n  OIG investigators, FDIC divisions\n                                                    former chief financial officer.\n  and offices, U.S. Attorneys\n  Offices, and others in the law                      On May 10, 2006, the former\n  enforcement community.                            chairman of the board was convicted\n                                                    by a jury of all charges against him\n  Convicted Hamilton Bank Officers                  following a month-long trial in Miami,\n  Ordered to Pay $32 Million in Total               Florida. He was found guilty of each\n  Restitution for Bank and Securities Fraud         of the 10 objects of the conspiracy\n    On October 20, 2006, in the                     contained in the second superseding\n  U.S. District Court for the Southern              indictment. He was also convicted\n  District of Florida, a restitution order          of each of the 15 substantive\n  in the aggregate amount of                        counts charged in the indictment.\n\n18 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                     Those charges consisted of wire               their accountants regarding the true\n                                     fraud, bank fraud, securities fraud,          financial health of Hamilton Bancorp\n                                     obstruction of a bank examination,            and Hamilton Bank. In 1998 and\n                                     false statements, and obstruction of          1999, the three defendants engaged\n                                     an agency proceeding. The former              in swap transactions (or \xe2\x80\x9cadjusted\n                                     president pleaded guilty to two               price trades\xe2\x80\x9d) to hide Hamilton Bank\xe2\x80\x99s\n                                     counts of securities fraud, and the           losses on certain loans, including\n                                     former chief financial officer pleaded        more than $22 million in losses in\n                                     guilty to one count of securities             1998, and falsely accounted for the\n                                     fraud and one count of obstruction            transactions to make it appear that\n                                     of a formal agency proceeding.                no losses had been incurred. While\nOIG Special Agent Gary Sherrill,\n                                     Both men pleaded guilty before                the defendants falsely reported the\nrecipient of the FDIC Chairman's     the trial and cooperated with the             nature of the swap transactions to the\n2006 Award for Excellence, was\ninstrumental in the successful       government during the investigation.          investing public and the regulators,\noutcome of the Hamilton Bank case.\n                                      On July 26, 2006, the former                 the indictment cited recorded\n                                     chairman of the board was                     conversations in which the defendants\n                                     sentenced to a total of 30 years              openly discussed the transactions\n                                     of incarceration and 36 months                as swaps. During 1998, Hamilton\n                                     of supervised release. The former             Bancorp had a market capitalization\n                                     president and chief financial officer         of more than $300 million.\n                                     were each sentenced to serve 28                 Hamilton Bank was South Florida\xe2\x80\x99s\n                                     months in prison, to be followed by           highest profile trade finance bank\n                                     24 months of supervised release.              before it ran into trouble with its\n                                       The defendants participated in              regulator, the OCC, over a number\n                                     a fraudulent scheme whereby                   of issues, including the questionable\n                                     they falsely inflated the results of          loan swaps that allowed the bank\n                                     operations, earnings, and financial           to hide $22 million in losses in\n                                     condition of Hamilton Bancorp in the          1998. The OCC closed the bank in\n                                     Securities and Exchange Commission            January 2002, and the FDIC took on\n                                     filings; obstructed the Office of the         liquidation responsibilities as receiver.\n                                     Comptroller of the Currency\xe2\x80\x99s (OCC)             Investigation conducted by the FDIC OIG;\n                                     examination of Hamilton Bank;                 prosecuted by the U.S. Attorney\xe2\x80\x99s Office\n                                                                                   for the Southern District of Florida.\n                                     and lied to the investing public, the\n                                     bank and securities regulators, and\n\n                                                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 19\n\x0c  Judge Convicts Former BestBank Executives         market interest rates. In July 1998,\n  of Fraud Related to 1998 BestBank Failure         the bank was closed. The Colorado\n    On February 12, 2007, in the                    State Banking Commissioner and\n  U.S. District Court for the District              the FDIC determined that the value\n  of Colorado, the former BestBank                  of the subprime credit card loans\n  owner and chief executive officer                 maintained as an asset on the\n  and chairman of the board of                      books of BestBank was overstated\n  directors, the former president                   because delinquent loans were\n  and director, and the former chief                fraudulently made to appear non-\n  financial officer, were found guilty              delinquent. BestBank\xe2\x80\x99s liability to its\n  of 15 felony counts of fraud and                  depositors exceeded the value of its\n  conspiracy relating to BestBank\xe2\x80\x99s                 other assets, making it insolvent and\n  $248 million failure in 1998.                     one of the largest bank failures.\n    After a 3-week trial in August 2005,              BestBank entered into agreements\n  other co-defendants\xe2\x80\x94the owners                    with Century Financial to market\n  of Century Financial Services, Inc.               the BestBank credit cards to sub-\n  and its successor Century Financial               prime borrowers. Century Financial\n  Group, Inc., were found guilty by                 sold $498 travel club memberships,\n  a federal jury on charges of bank                 marketed first through Universal Tour\n  fraud, wire fraud, filing false bank              Travel Club and later through All\n  reports, and continuing a financial               Around Travel Club. In almost every\n  crimes enterprise in connection with              instance, those who signed up for\n  the 1998 failure of BestBank.                     the travel club did not pay cash for\n                                                    their membership. Instead, BestBank\n    From 1994 through July 1998, all                and Century Financial offered to\n  of these defendants jointly engaged               finance a travel club membership\n  in a business operation that made                 for sub-prime borrowers using a\n  more than 500,000 BestBank credit                 newly issued BestBank VISA credit\n  card loans to subprime borrowers.                 card. The credit limit for the sub-\n  Subprime credit card borrowers are                prime borrowers as provided by\n  high-risk borrowers with poor credit              the bank was $600. BestBank also\n  histories. The credit card accounts               charged fees, which immediately\n  were funded by BestBank using                     brought the borrowers close to the\n  money from depositors. BestBank                   credit limit. Less than half of those\n  attracted depositors by offering above-\n\n20 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cwho signed up for the travel club               Joint investigation by the FDIC OIG,\nreceived their membership materials.          the Federal Bureau of Investigation (FBI),\n                                              and the Internal Revenue Service Criminal\n  The defendants carried out a                Investigative Division; prosecuted by the U.S.\nfraudulent scheme in several                  Attorney\xe2\x80\x99s Office for the District of Colorado.\nways. Most people did not pay the\nmandatory $20 service fee required            Former Exchange Bank President\nbefore the account was funded. Over           Indicted on 13 Counts of Bank Fraud\n50 percent of the sub-prime borrowers\xe2\x80\x99          On December 12, 2006, the former\naccounts were non-performing.                 president of Exchange Bank, Gibbon,\n  BestBank and Century Financial, in          Nebraska, was indicted on eight counts\nmany instances, did not send the sub-         of bank fraud, four counts of making\nprime borrowers their credit card or          false bank entries, and one count of\nmonthly statements. The two owners            making a false statement to the FDIC.\nof Century Financial fraudulently             Exchange Bank lost approximately\nconcealed the sub-prime borrowers\xe2\x80\x99            $1 million due to the alleged\nnon-performance and delinquency               fraudulent activities of the defendant.\nrates by reporting non-performing               The indictment alleges that from July\naccounts as performing. The Century           2001 through June 2004, the former\nowners paid $20 to some accounts so           president entered into loan agreements\nthey would appear to be performing            and loaned money from the bank to\nwhen, in fact, they were not.                 individuals for the purpose of inflating\n  BestBank was an FDIC-regulated              his loan portfolio with Exchange Bank.\ninstitution that was closed on July 23,       When the loans were not paid off,\n1998, by the Colorado State Banking           the former president would take the\nCommission and the FDIC, making               money out of third parties' accounts\nit one of the largest bank failures in        with the bank without the account\nthe United States in the last 10 years.       holders\xe2\x80\x99 knowledge in order to make\nDepositors\xe2\x80\x99 losses exceeded $200              payments on suspect creditors\xe2\x80\x99 loans\nmillion. The FDIC\xe2\x80\x99s Bank Insurance            and would then falsify documents to\nFund covered all depositors\xe2\x80\x99 losses           cover up the illegal transactions.\nexcept for $27 million of deposits             In addition, the defendant allegedly\nwhich exceeded the $100,000                   directed individuals to provide false\nper-account insurance limit.                  vehicle inventories and real estate\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 21\n\x0c  information to falsely represent                  Former President and CEO of\n  collateral for questionable loans. He             Farmers Deposit Bank Charged\n                                                    in a 30-Count Indictment\n  allegedly signed and approved the\n  false financial documents, which gave               On December 7, 2006, the former\n  the impression that collateral was                president and CEO of Farmers Deposit\n  available for the loan in question,               Bank, Eminence, Kentucky, was\n  when in fact, the collateral stated did           charged in the U.S. District Court for\n  not exist and the financial documents             the Eastern District of Kentucky, with 29\n  were materially false and inflated.               counts of bank fraud and one count\n  When the defendant received                       of misapplication of bank funds.\n  cash payments from individuals\n                                                      The indictment charged that the\n  with questionable loans, he would\n                                                    defendant concealed substantial\n  not apply those cash transactions\n                                                    losses to the bank by various methods,\n  to loan payments but kept those\n                                                    including making loans under false\n  payments for his own use.\n                                                    or misleading names to nominee\n    The indictment also alleges that the            borrowers in an effort to keep other\n  defendant provided cashier\xe2\x80\x99s checks               loans current. The defendant was\n  to third parties and would falsify or             also charged with altering documents\n  fail to provide proper documentation              (or causing documents to be altered)\n  for the entry of the cashier\xe2\x80\x99s check.             that were presented to the Farmers\xe2\x80\x99\n  These checks would then be provided               Board of Directors, altering loan\n  to third parties for the benefit of               documents to postpone due dates, and\n  both the former bank president and                structuring loans to avoid detection\n  the third party, without proper funds             by the bank\xe2\x80\x99s Board of Directors.\n  to support the transaction, thereby               The indictment also charged that the\n  causing a loss to Exchange Bank.                  defendant misapplied the proceeds of\n   Joint investigation by the FDIC OIG              a loan and released solvent borrowers\n  and the FBI, based on a referral from             from their loan obligations before\n  DSC; prosecuted by the U.S. Attorney\xe2\x80\x99s            the obligations were satisfied.\n  Office for the District of Nebraska.\n                                                      Joint investigation by the FDIC OIG and\n                                                    the FBI based upon a referral from the\n                                                    FDIC Legal Division and DSC; prosecution\n                                                    is being handled by the U.S. Attorney\xe2\x80\x99s\n                                                    Office for the Eastern District of Kentucky.\n\n\n\n22 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cFormer President of Canton State               of the loan proceeds to the former\nBank and His Wife Plead Guilty to\n                                               president. In some cases, the payee on\nBank Fraud and False Statements\n                                               those checks was listed as the former\n  On February 8, 2007, in the                  president\xe2\x80\x99s wife\xe2\x80\x99s minor child in order\nU.S. District Court for the Eastern            to conceal the payments to him.\nDistrict of Missouri, the former\n                                                 As part of his plea agreement, the\npresident of Canton State Bank\n                                               former president also stipulated to\nand his wife pleaded guilty to fraud\n                                               an action under 8(e) of the Federal\ncharges involving false statements\n                                               Deposit Insurance Act, which provides\nto obtain loans and nominee\n                                               for a lifetime ban from banking.\nloans. As previously reported, the\ndefendants were charged in a 26-                 Joint investigation by the FDIC OIG, the\n                                               FBI, and the U.S. Department of Agriculture\ncount indictment in June 2006.\n                                               OIG, based on a referral from DSC;\n  The indictment charged that                  prosecuted by the U.S. Attorney\xe2\x80\x99s Office\n                                               for the Eastern District of Missouri.\nbetween October 2001 and August\n2004, the defendants understated\ntheir liabilities on loan applications         Former Vice President of Alliance\nwith Canton State Bank, The Paris              Bank Charged with Bank Fraud\nNational Bank, Perry State Bank, Bank            During this reporting period in the\nof Monticello, and the Farm Service            U.S. District Court for the District of\nAgency. In addition, the defendants            Minnesota, the former vice president\nrepresented to Perry State Bank and            of Private Banking, Alliance Bank,\nthe Farm Service Agency that the               New Ulm, Minnesota, was charged\nlivestock and farm equipment that              with one count of conspiracy, three\nthey pledged as collateral security            counts of forged securities, seven\nfor loans was free and clear of all            counts of embezzlement by a bank\nother liens and encumbrances, when             officer, and four counts of mail\nthey had previously pledged the                fraud. The defendant was a primary\nsame collateral for other loans.               lending officer at the bank\xe2\x80\x99s Edina\n Further, between August 2002 and              branch office where she specialized\nMay 2003, the former president                 in larger commercial loans and\nallegedly made numerous loans to               lending to borrowers of higher net\na bank customer, who then wrote                worth. Alliance Bank management\nchecks to return a substantial portion         terminated her employment based on\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 23\n\x0c  questionable lending judgment and                 misapplication by a bank officer for\n  unauthorized lending that caused                  their involvement in the scheme.\n  losses in excess of $1.1 million.                   Joint investigation by the FDIC OIG and FBI,\n                                                    based on a referral from DSC; prosecution\n    In late 2005, an internal bank\n                                                    is being handled by the U.S. Attorney\xe2\x80\x99s\n  investigation uncovered numerous                  Office for the District of Minnesota.\n  defalcations attributed to the defendant\n  and two other senior bank employees.\n                                                    Bank Employee Indicted for Stealing\n  According to the indictment, the                  Over $3.2 Million from BancFirst\n  defendant used her position as a loan\n  officer to divert for her own use funds             On February 16, 2007, the former\n  that customers paid to the bank as well           vault teller and teller supervisor\n  as fictitious fees she tricked customers          at a branch office of BancFirst in\n  into paying. At times, she forged check           Seminole, Oklahoma, was indicted\n  signatures and endorsements. In an                in the U.S. District Court for the\n  attempt to conceal her embezzlement,              Eastern District of Oklahoma, on\n  the defendant altered bank records                98 counts of false entries in the\n  and made false statements when                    books of an FDIC-insured bank, one\n  questioned by bank employees about                count of bank fraud, and one count\n  specific transactions. Over a 4-year              of criminal forfeiture. The criminal\n  period, the defendant and two co-                 forfeiture included a money judgment\n  conspirators used the money obtained              of $3,263,695, forfeiture of real\n  through this scheme for vacations,                property, including 11 motor vehicles\n  home renovations and decorating,                  and tractors, electronic entertainment\n  automobiles, cosmetic surgery,                    equipment, furniture, and jewelry.\n  gambling, and country club dues. The                The defendant was employed at\n  defendant and her co-conspirators                 BancFirst from June 1999 to on or\n  embezzled approximately $1 million                about June 3, 2005. In her capacity,\n  from the bank and its customers.                  she controlled the flow of money\n   As previously reported, the other                in and out of the branch\xe2\x80\x99s vault,\n  two co-conspirators, the former                   teller drawers, and automated teller\n  branch president/chief lending                    machines; prepared the daily vault\n  officer and the former vice president             cash reconciliation reports; and was\n  of commercial lending, pleaded                    responsible for reconciling several\n  guilty to theft, embezzlement, or                 general ledger accounts within\n\n24 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cthe Seminole branch, including                     defendant earlier pleaded guilty in\nthe branch cash account and the                    July 2006 to a criminal information\nbranch cash in transit account.                    charging him with one count of bank\n  The indictment alleges that the                  fraud. The defendant admitted to\ndefendant created false internal bank              devising a scheme to divert over $18\ndocuments, which purported to show                 million of loan proceeds from creditors.\nthe movement of cash in and out of                   According to the information, the\nthe branch vault, and then, separately             defendant defrauded two financial\ncreated false internal bank documents              institutions of loan payments owed by\nto cure the account imbalances                     third-party borrowers. The defendant\ncaused by her initial false entries.               submitted falsified loan payment\nThe defendant also prepared, and                   documents and financial reports to\ncaused to be delivered to BancFirst                Lincoln State Bank, an FDIC-regulated\nmanagement, false vault cash                       institution, and Ottawa Savings\nreconciliation reports, which overstated           Bank, an Office of Thrift Supervision-\nthe amount of cash in the branch                   regulated institution. Both financial\nvault. The indictment also alleged the             institutions were FDIC insured.\ndefendant received approximately\n                                                     These diverted funds represented\n$3,263,695 from her criminal activity.\n                                                   proceeds/payments against\n  Joint investigation by the FDIC OIG              participation loan agreements\nand the FBI; prosecution is being handled\nby the United States Attorney\xe2\x80\x99s Office\n                                                   between third-party borrowers and\nfor the Eastern District of Oklahoma.              15 financial institutions. Commercial\n                                                   Loan Corporation, Inc., Oak Brook,\n                                                   Illinois, a company controlled by the\nBank Customer Sentenced to 8 Years\nin Prison for $18 Million Bank Fraud               defendant, brokered commercial\n                                                   loans between the affected borrowers\n On November 1, 2006, in the                       and lenders. As part of this service,\nU.S. District Court for the Northern               Commercial Loan Corporation, Inc.,\nDistrict of Illinois, a bank customer              provided collection/payment services\nof Lincoln State Bank was sentenced                for the borrowers. The defendant\xe2\x80\x99s\nto 97 months of incarceration, to be               scheme involved: collecting and\nfollowed by 5 years of supervised                  diverting loan payments owed to\nrelease and was ordered to pay                     creditors, and overselling the loan\n$18.8 million in restitution. The                  participation agreements to other\n\n                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 25\n\x0c  financial institutions to obtain funds             activities surrounding the failure\n  in excess of the borrowers\xe2\x80\x99 approved               of Universal on June 27, 2002.\n  loans. These loan payments and\n                                                       As previously reported, the indictment\n  excess funds were then diverted, for\n                                                     alleged that the Universal customer\n  the defendant\xe2\x80\x99s personal benefit, into\n                                                     conspired with Universal\xe2\x80\x99s chief\n  a manufacturing plant as capitalization\n                                                     operations officer to misapply the\n  loans. The defendant\xe2\x80\x99s diverted funds\n                                                     financial institution\xe2\x80\x99s funds and to\n  were lost when the plant closed and\n                                                     make a false entry in a book, report,\n  these \xe2\x80\x9cloans\xe2\x80\x9d went into default.\n                                                     or statement of or to Universal. The\n    Joint investigation by the FDIC OIG and          scheme and conspiracy caused a loss\n  the FBI, based on a referral from DSC;\n                                                     in excess of $10 million, and Universal\n  prosecuted by the U.S. Attorney\xe2\x80\x99s Office for the\n  Northern District of Illinois, Eastern Division.   was forced to cease operations.\n                                                       The chief operations officer was\n  Universal Federal Savings Bank                     earlier sentenced to 38 months\xe2\x80\x99\n  Customer Sentenced and Ordered                     incarceration, to be followed by 3\n  to Pay $9.7 Million in Restitution                 years\xe2\x80\x99 supervised release, and 600\n    On January 16, 2007, in the                      hours of community service. She was\n  U.S. District Court for the Northern               also ordered to pay restitution in the\n  District of Illinois, a former customer            amount of $1,313,082 to the FDIC.\n  of Universal Federal Savings Bank                    Joint investigation by the FDIC OIG and\n  (Universal) was sentenced to 42                    the FBI based on a referral from DSC;\n  months of incarceration, to be                     prosecuted by the U.S. Attorney\xe2\x80\x99s Office\n                                                     for the Northern District of Illinois.\n  followed by 5 years of supervised\n  release and 300 hours of community\n  service. The defendant was also                    Real Estate Frauds\n  ordered to pay restitution in the\n                                                       The increased reliance by both\n  amount of $9,750,545 to the FDIC\n                                                     financial institution and non-financial\n  and $707,280 to the five Ponzi\n                                                     institution lenders on third-party\n  scheme victims. In July 2006 the\n                                                     brokers has created opportunities for\n  defendant pleaded guilty to one\n                                                     fraud. According to the FBI, mortgage\n  count of wire fraud affecting a\n                                                     fraud is one of the fastest growing\n  financial institution. The guilty plea\n                                                     white-collar crimes. Such illegal\n  is the result of an indictment filed\n                                                     activity can cause financial ruin to\n  in January 2005 concerning the\n\n26 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0chomeowners and local communities.              for the Northern District of Georgia\nIt can further impact local housing            to a one-count criminal information\nmarkets and the economy at large.              charging him with defrauding nBank\nMortgage fraud can take a variety of           of between $7.5 and $11 million. On\nforms and involve multiple individuals,        the same date, a mortgage broker\nbut most cases involve inflating the           and his company, Infinity Mortgage,\nvalue of a property for more than              Atlanta, Georgia, also pleaded guilty\nits worth, with scammers pocketing             to one count of bank fraud for their\nthe difference. Several investigations         role in defrauding nBank of $1.8\nduring the reporting period addressed          million in a mortgage fraud scheme.\nfraudulent mortgage and real estate\n                                                 The mortgage broker, acting on\nschemes, as discussed below.\n                                               behalf of Infinity Mortgage, submitted\n                                               and received short-term funding for 23\nMortgage Fraud Investigation Leads to          loans totaling approximately $1.835\nCharges Against Multiple Defendants\nin the Northern District of Georgia\n                                               million from nBank. These 23 loans\n                                               were placed on Infinity Mortgage\xe2\x80\x99s\n  The OIG\xe2\x80\x99s ongoing investigation              Warehouse line of credit at nBank.\nof mortgage fraud and land flip                The loans were to stay on the nBank\nschemes orchestrated by multiple               line for a short period of time while\nsubjects operating in Georgia,                 the mortgage broker found qualified\nFlorida, Texas, South Carolina,                investors to purchase the loans.\nNorth Carolina, and Nevada has\nresulted in a flurry of guilty pleas. We         The mortgage broker was unable to\ninitiated the investigation based on a         find qualified investors to purchase\nreferral from DSC\xe2\x80\x99s Atlanta Regional           the 23 loans, and the loans became\nOffice. Several FDIC-regulated                 aged on nBank books. In order to\ninstitutions have been victimized              remove the aged loans from the line\nin the mortgage fraud schemes.                 of credit, the mortgage broker, with\n                                               the knowledge and at the direction\n To illustrate, on December 14,                of the former senior vice president,\n2006, the former senior vice president         submitted 23 new loan packages\nof Mortgage Operations at nBank,               that contained false and fraudulent\nan OCC-regulated institution in                information. The mortgage broker\xe2\x80\x99s\nCommerce, Georgia, was charged and             \xe2\x80\x9crolling\xe2\x80\x9d of the loans allowed nBank\npleaded guilty in the U.S. District Court      to remove the aged loans from its\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 27\n\x0c  books; however, the 23 new loans                  directly from the investors. However,\n  eventually were found to be fraudulent            with the knowledge and consent of\n  loans and nBank wrote them off.                   the former senior vice president of\n  The senior vice president knew of                 Mortgage Operations at nBank, the\n  and participated in this \xe2\x80\x9crolling\xe2\x80\x9d                end investors, at the direction of the\n  scheme with the mortgage broker                   mortgage broker, wire transmitted\n  and several other mortgage lenders.               the loan proceeds to a bank account\n                                                    in the name of the mortgage broker,\n    On December 18, another mortgage\n                                                    doing business as J.P. Enterprises.\n  broker and Southern Lenders Mortgage\n  Corporation (Southern Lenders), a                   Joint investigation by the FDIC OIG and\n                                                    the FBI based on a referral from DSC;\n  company the mortgage broker formerly\n                                                    prosecuted by the U.S. Attorney\xe2\x80\x99s Office\n  co-owned in Newnan, Georgia,                      for the Northern District of Georgia.\n  pleaded guilty to bank fraud in the\n  Northern District of Georgia for their\n                                                    Conviction in Mortgage Fraud\n  role in a mortgage fraud scheme. The              Trial in Dallas, Texas\n  guilty pleas are the result of an earlier\n  indictment charging the mortgage                    On March 19, 2007, following a trial\n  broker and Southern Lenders with one              that began February 21, a federal jury\n  count of bank fraud for defrauding                in Dallas convicted a purported real\n  nBank of approximately $3.7 million.              estate investor on all 14 counts in a\n                                                    March 2006 indictment charging him\n    The mortgage broker, acting on                  for his role in orchestrating a mortgage\n  behalf of Southern Lenders, submitted             fraud scheme. Specific charges\n  and received short-term funding for               included bank fraud, wire fraud, and\n  34 loans totaling approximately                   engaging in monetary transactions\n  $3.7 million from nBank. These                    derived from specified unlawful activity.\n  34 loans were placed on Southern                  A second defendant in the case, a\n  Lenders Warehouse line of credit at               loan broker, earlier pleaded guilty to\n  nBank. The loans were subsequently                one count of wire fraud for his role in\n  sold by Southern Lenders to several               the scheme. A third defendant, a loan\n  investors on the secondary market. In             officer, was acquitted of the six counts\n  the normal course of business, when               charged against her in the indictment.\n  such loans are sold, the investors would\n  wire the loan proceeds, and the bank                The indictment alleged that the\n  should have received the proceeds                 three associates devised a scheme\n\n28 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cto fraudulently obtain 21 mortgage                  Defendants Found Guilty in $2.16\nloans totaling $3,220,550. The                      Million Real Estate Fraud\ndefendants used schemes commonly                      On December 12, 2006, following\nreferred to in the mortgage industry                a 2-week trial in the U.S. District\nas property flips, markups and                      Court for the Northern District of\nkickbacks, and HUD swaps to                         Texas, a jury found two defendants\nfacilitate the mortgage fraud. One of               guilty of all counts in an October\nthe mortgage companies impacted                     3, 2006, superseding indictment\nby this fraud scheme was Fremont                    charging them with conspiracy, mail\nInvestment & Loan, an FDIC-supervised               fraud, wire fraud, bank fraud, and\ninstitution in Brea, California.                    aiding and abetting for their roles in\n  In each instance, one of the                      a mortgage fraud scheme. Two other\ndefendants convinced inexperienced                  defendants earlier pleaded guilty for\nreal estate investors to stand in as straw          their participation in the scheme.\nborrowers and purchase the properties                 Three of the defendants operated\nfor fraudulently inflated sales prices. A           various companies in the Dallas\nsecond defendant, a loan officer, and               area for the purported purpose of\nthe third, a mortgage broker, knowingly             remodeling and marketing investment\nsubmitted false documentation to the                properties. The fourth defendant was\nlenders to enable the straw borrowers               an escrow officer for two Dallas area\nto qualify for the mortgage loans.                  title companies. From December\nEach of the straw borrowers received a              2002 through March 2004, the\nfinancial inducement for participating              four men engaged in a real estate\nin the fraud scheme. Fraudulent real                scheme to defraud various real estate\nestate appraisals were also submitted               lenders, buyers, and sellers, including\nto the lenders to support the inflated              Fremont Investment & Loan. Three\nsales prices of the properties.                     of the defendants located single-\n  Joint investigation by the FDIC OIG and           family residences and recruited straw\nthe FBI; prosecuted by the U.S. Attorney\xe2\x80\x99s          purchasers and borrowers to purchase\nOffice for the Northern District of Texas.          and finance the residences. Fraudulent\n                                                    loan documents were then submitted\n                                                    to the lenders in the name of the straw\n                                                    borrowers falsely indicating the down\n                                                    payment for the loans had been made\n\n                                     Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 29\n\x0c  by the borrowers. The fourth defendant,           among themselves and others. Three\n  as an employee of the title company,              of the defendants also executed\n  would release the loan proceeds early             contracts between their company,\n  to the three others, who would then               Better Homes of Dallas, and the straw\n  purchase cashier\xe2\x80\x99s checks in the name             borrowers, stating the company would\n  of the straw borrowers for the requisite          be responsible for the loans, but they\n  down payment. The defendants caused               later failed to fulfill their contract.\n  inflated loan amounts to be funded                  Joint investigation by the FDIC OIG and\n  by mortgage lenders and financial                 the FBI; prosecuted by the U.S. Attorney\xe2\x80\x99s\n  institutions, and conspired to distribute         Office for the Northern District of Texas.\n  the fraudulently obtained loan proceeds\n\n\n\n                                      A Strong Partnership\n                                      The OIG has partnered with various U.S. Attorneys\xe2\x80\x99 Offices throughout the country in\n                                      bringing to justice individuals who have defrauded the FDIC or financial institutions\n                                      within the jurisdiction of the FDIC, or criminally impeded the FDIC\xe2\x80\x99s examination and\n                                      resolution processes. The alliances with the U.S. Attorneys\xe2\x80\x99 Offices have yielded positive\n                                      results during this reporting period.\n\n                                      Our strong partnership has evolved from years of trust and hard work in pursuing\n                                      offenders through parallel criminal and civil remedies resulting in major successes, with\n                                      harsh sanctions for the offenders. Our collective efforts have served as a deterrent to\n                                      others contemplating criminal activity and helped maintain the public\xe2\x80\x99s confidence in\n                                      the nation\xe2\x80\x99s financial system.\n\n                                      For the current reporting period, we are especially appreciative of the efforts of\n                                      the Assistant U.S. Attorneys in the following offices: Southern District of Florida,\n                                      Western District of Tennessee, Northern District of Illinois, District of Colorado, District\n                                      of Nebraska, Eastern District of Kentucky, Eastern District of Missouri, District of\n                                      Minnesota, Middle District of Georgia, Northern District of Illinois\xe2\x80\x93Eastern Division,\n                                      Northern District of Iowa, Eastern District of Texas, District of Massachusetts, Southern\n                                      District of Texas, Northern District of Iowa, and the Southern District of Illinois.\n\n\n\n\n30 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                           Strategic Goal 2\n                                           Insurance: Help\n                                           the FDIC Maintain\n                                           the Viability of the\n                                           Insurance Fund\n\n\n\n\nF Federal deposit insurance remains\na fundamental part of the FDIC\xe2\x80\x99s\ncommitment to maintain stability\n                                              new on-line tools. System changes\n                                              in support of deposit insurance\n                                              reform will continue in 2007.\nand public confidence in the nation\xe2\x80\x99s\n                                                The continuing consolidation of the\nfinancial system. In February 2006,\n                                              banking industry means there are a\nPresident Bush signed into law the\n                                              few very large institutions that represent\nFederal Deposit Insurance Reform\n                                              an increasingly significant share of the\nAct of 2005, prompting sweeping\n                                              Deposit Insurance Fund\xe2\x80\x99s risk exposure.\nchanges in the federal deposit\n                                              Industry consolidation presents\ninsurance system. The Congress\n                                              benefits and risks to the Deposit\ngave the Corporation 9 months to\n                                              Insurance Fund. While the risks to the\nimplement most of the provisions of\n                                              funds are diminished because of the\nthe legislation. In October 2006, the\n                                              diversification benefits of consolidation\nFDIC Board of Directors approved\n                                              (along geographic and product\na final rule to implement a one-time\n                                              lines), the concentration of deposits\nassessment credit to banks and thrifts.\n                                              in fewer insured depository institutions\nThe credit will be used to offset future\n                                              increases the risks to the Deposit\nassessments charged by the FDIC\n                                              Insurance Fund in the event a large\nand will recognize contributions that\n                                              insured depository institution fails.\ncertain institutions made to capitalize\nthe funds during the first half of the          As a result of industry consolidation,\n1990s. In November 2006, the Board            the assets in the industry are also\nalso adopted a final rule on the              increasingly concentrated in a small\npricing structure and approved a more         number of large, complex institutions\nrisk-sensitive framework for the 95           for which the FDIC is not, for the\npercent of insured institutions that are      most part, the primary supervisor.\nwell capitalized and well managed.            The largest banks operate highly\n                                              complex branch networks, have\n  In addition to the extensive\n                                              extensive international and capital\nrulemaking required in conjunction\n                                              market operations, and work on\nwith deposit insurance reform,\n                                              the cutting edge of technologically\nfundamental changes were made\n                                              sophisticated finance and business.\nin the FDIC\xe2\x80\x99s business functions,\n                                              The increased complexity of the\nincluding modification to major\n                                              industry and the concentration of risk\napplication systems and creation of\n                                              to the insurance funds in the largest\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 31\n\x0c  banking organizations are expected to             cooperation with primary supervisors\n  grow more pronounced over time and                and bank personnel to obtain real-\n  to present greater risk-management                time access to information about the\n  challenges to the Corporation. A two-             risk and trends in those institutions.\n  tiered banking system characterized               We are currently conducting an audit\n  by a limited number of very large,                to determine whether the Dedicated\n  complex institutions and a much                   Examiner Program is contributing to the\n  larger number of small community                  FDIC\xe2\x80\x99s efforts to assess and quantify\n  banks appears to be emerging.                     the risks posed by large institutions\n  The banking regulators, including                 to the Deposit Insurance Fund.\n  the FDIC, need insight into the risks\n                                                      Another of our audits is assessing\n  that are inherent in these different\n                                                    the FDIC\xe2\x80\x99s role in reviewing shared\n  types of banking organizations.\n                                                    national credits (SNC) and the\n    To help the FDIC maintain                       consideration of SNC ratings in\n  the viability of the deposit                      risk management examinations of\n  insurance fund, the OIG\xe2\x80\x99s 2007                    FDIC-supervised institutions. SNCs\n  performance goal is as follows:                   represent the largest and most\n                                                    complex loans and loan commitments\n    \xe2\x80\xa2 Evaluate corporate programs\n                                                    held by FDIC-insured institutions.\n      to identify and manage risks\n      in the banking industry that\n      can cause losses to the fund.\n  OIG Work in Support of Goal 2                         OIG Work Cited in GAO Studies\n    As insurer, the FDIC needs a                        The Federal Deposit Insurance Reform Conforming Amendments\n  comprehensive understanding of the                    Act of 2005, which the President signed into law on February\n  risks that the largest institutions pose to           15, 2006, contains necessary technical and conforming changes\n  the Deposit Insurance Fund. The FDIC                  to implement deposit insurance reform, as well as a number of\n  is not the primary federal regulator                  study and survey requirements. In fulfillment of some of those\n  for most of the large institutions that it            requirements, the U.S. Government Accountability Office issued\n  insures. Therefore, the risk assessment               three reports in February 2007. The FDIC OIG\xe2\x80\x99s work is referenced\n  process is based on a combination of                  in two of the three GAO studies. One of GAO\xe2\x80\x99s reports is entitled,\n  information obtained from the primary                 FDIC: Human Capital and Risk Assessment Programs Appear Sound,\n                                                        but Evaluations of Their Effectiveness Should Be Improved. In this\n  federal regulator, the institution,\n                                                        report, GAO referenced findings in our earlier report on FDIC\n  supervisory activities, market data,                  reserve ratio and assessment determinations and also cited prior\n  and publicly available data. The FDIC                 OIG work related to possible insurance fund losses if a so-called\n  established the Large Bank Branch                     \xe2\x80\x9cmegabank\xe2\x80\x9d were to fail. In the second GAO report entitled, Deposit\n  in headquarters to coordinate the                     Insurance: Assessment of Regulators\xe2\x80\x99 Use of Prompt Corrective\n  FDIC\xe2\x80\x99s nationwide programs focused                    Action Provisions and FDIC\xe2\x80\x99s New Deposit Insurance System, GAO\n  on supervising and assessing risk in                  made several references to issues presented in two of our earlier\n  large institutions. A key program in                  reports on the role of prompt corrective action as part of the\n  this regard is the Dedicated Examiner                 enforcement process and the effectiveness of prompt corrective action\n  Program, established in 2002. This                    provisions in preventing losses to the deposit insurance funds.\n  program has placed dedicated\n  examiners in the six largest insured\n  depository institutions to work in\n\n32 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                           Strategic Goal 3:\n                                           Consumer Protection:\n                                           Assist the FDIC to\n                                           Protect Consumer\n                                           Rights and Ensure\n                                           Customer Data Security\n                                           and Privacy\n\n\nC Consumer protection laws are an\nimportant part of the safety net of\nAmerica. The U.S. Congress has long\nadvocated particular protections\n                                                \xe2\x80\xa2 The Truth in Lending Act\n                                                  requires meaningful disclosure\n                                                  of credit and leasing terms.\n                                                \xe2\x80\xa2 The Fair and Accurate Credit\nfor consumers in relationships\n                                                  Transactions Act further\nwith banks. For example:\n                                                  strengthened the country\xe2\x80\x99s national\n \xe2\x80\xa2 The Community Reinvestment                     credit reporting system and assists\n   Act encourages federally insured               financial institutions and consumers\n   banks to meet the credit needs of              in the fight against identity theft.\n   their entire community.\n                                                 The FDIC carries out its role by\n \xe2\x80\xa2 The Equal Credit Opportunity                (1) providing consumers with access\n   Act prohibits creditor practices            to information about their rights and\n   that discriminate based on race,            disclosures that are required by\n   color, religion, national origin,           federal laws and regulations and\n   sex, marital status, or age.                (2) examining the banks where the\n \xe2\x80\xa2 The Home Mortgage Disclosure Act            FDIC is the primary federal regulator to\n   was enacted to provide information          determine the institutions\xe2\x80\x99 compliance\n   to the public and federal regulators        with laws and regulations governing\n   regarding how depository institutions       consumer protection, fair lending,\n   are fulfilling their obligations towards    and community investment.\n   community housing needs.                      FDIC Chairman Bair has stressed the\n \xe2\x80\xa2 The Fair Housing Act prohibits              importance of economic inclusion and\n   discrimination based on race, color,        has expressed concern that market\n   religion, national origin, sex,             mechanisms are not working as well\n   familial status, and handicap in            as they should for low-to-moderate\n   residential real-estate-related             income families who must often pay\n   transactions.                               high amounts for basic financial\n                                               services that others obtain at far less\n \xe2\x80\xa2 The Gramm-Leach-Bliley Act                  cost. Many people lack the financial\n   eliminated barriers preventing the          skills needed to analyze and compare\n   affiliations of banks with securities       products and their prices. Oftentimes\n   firms and insurance companies               the problem is the lack of disclosures\n   and mandates new privacy rules.             that describe a product and its true\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 33\n\x0c  costs in fair and simple terms. Another           community investment. Additionally, the\n  factor could be linked to aspects of              OIG\xe2\x80\x99s investigative authorities are used\n  safety and soundness regulation that              to identify, target, disrupt, and dismantle\n  could unnecessarily deter banks from              criminal organizations and individual\n  serving the needs of their communities            operations engaged in fraud schemes\n  or create conditions that favor high-cost         that target our financial institutions.\n  products. To address these concerns, in\n                                                      To assist the FDIC to protect consumer\n  addition to the FDIC\xe2\x80\x99s existing Money\n                                                    rights and ensure customer data\n  Smart program, the Corporation has\n                                                    security and privacy, the OIG\xe2\x80\x99s 2007\n  undertaken two initiatives\xe2\x80\x94a military\n                                                    performance goals are as follows:\n  lending initiative and a newly created\n  Advisory Committee on Economic                      \xe2\x80\xa2 Evaluate the effectiveness\n  Inclusion. As the Chairman has pointed                of FDIC programs for ensuring\n  out, continuing dialogue among                        customer data security and\n  consumer advocates, regulators,                       privacy at FDIC-insured institutions.\n  and the banking industry is key to                  \xe2\x80\xa2 Review the FDIC\xe2\x80\x99s examination\n  the challenge of closing the gap                      coverage of institution compliance\n  between what the unbanked and                         at FDIC-insured institutions.\n  underbanked pay for credit and what\n  those in the mainstream pay. In recent              \xe2\x80\xa2 Address allegations of fraudulent\n  testimony before the Subcommittee on                  insurance coverage and identity\n  Financial Institutions and Consumer                   theft schemes affecting the FDIC.\n  Credit of the House Committee on                  OIG Work in Support of Goal 3\n  Financial Services, the Chairman\n                                                      Several audits completed during\n  focused on strengthening protections\n                                                    the reporting period addressed\n  available to borrowers in the subprime\n                                                    important consumer protection\n  mortgage market and ensuring that\n                                                    matters: security of sensitive customer\n  predatory lending practices do not\n                                                    information and community\n  take root in the banking system.\n                                                    reinvestment reporting. Investigative\n    The OIG\xe2\x80\x99s role under this strategic             work related to protection of personal\n  goal is targeting audits and evaluations          information and misrepresentation\n  that review the effectiveness of                  of deposit insurance complemented\n  various FDIC programs aimed at                    audit efforts in this strategic goal\n  protecting consumers, fair lending, and           area, as described below.\n\n34 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cIT Examination Coverage of                    achieve greater assurance that\nFinancial Institutions\xe2\x80\x99 Oversight             financial institutions are ensuring that\nof Technology Service Providers               TSPs safeguard customer information.\n                                              We recommended that the FDIC:\n  In the first 10 months of 2006, over\n                                              (1) revise IT-RMP guidance to ensure\nhalf of the 213 information security\n                                              that examiners adequately assess\nbreaches reported by financial\n                                              financial institution compliance with the\ninstitutions to the FDIC involved\n                                              interagency guidelines pertaining\ntechnology service providers (TSP).\n                                              to the oversight of TSPs and\nIn accordance with federal laws and\n                                              (2) reemphasize the need for examiners\nregulations, financial institutions\n                                              to clearly document decisions and\nmust safeguard sensitive customer\n                                              supporting logic for the approach\ninformation against unauthorized\n                                              used in assessing compliance with\ndisclosure when outsourcing\n                                              the interagency guidelines related to\nvarious IT operations to TSPs.\n                                              TSPs as well as support for examiner\n  Interagency guidelines contained            conclusions. These measures will\nin the FDIC Rules and Regulations             help in protecting customers from\nestablish key controls over TSPs, noting      identity theft and institutions from\nthat each bank shall (1) exercise due         fraud and reputational and other risks\ndiligence in selecting TSPs, (2) have         associated with unauthorized access\ncontractual arrangements with their           to or use of customer information.\nTSPs that require appropriate measures\n                                                FDIC management agreed with both\nto safeguard customer information,\n                                              recommendations, noting that it would\nand (3) provide ongoing monitoring\n                                              incorporate our recommendations\nof TSPs to ensure they have satisfied\n                                              into its planned evaluation of first\ntheir contractual obligations.\n                                              year performance under the IT-RMP.\n  We conducted an audit to assess\n                                              FDIC\xe2\x80\x99s Implementation of\nDSC\xe2\x80\x99s (1) IT examination procedures\n                                              the 2005 Amendments to the\nfor addressing the security of\n                                              Community Reinvestment\nsensitive customer information\n                                              Act Regulations\nwhen FDIC-supervised institutions\nuse TSPs and (2) examiners\xe2\x80\x99                     The purpose of the Community\nimplementation of those procedures.           Reinvestment Act of 1977 (CRA) was\n                                              to encourage depository institutions\n We determined that the FDIC can\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 35\n\x0c  to help meet the credit needs of the                We found that the FDIC has issued\n  communities in which they operate,                institution and examination guidance\n  including low- and moderate-income                that addresses the 2005 amendments\n  neighborhoods, consistent with                    to the CRA regulations. The institution\n  safe and sound banking practices.                 guidance was supplemented with\n  The CRA has come to play an                       interagency questions and answers\n  important role in improving access                guidance in March 2006. Additionally,\n  to credit among under-served                      our review of 10 ISB Performance\n  rural and urban communities.                      Evaluation (PE) reports found that\n                                                    examiners had generally followed\n    The CRA requires that each insured\n                                                    the new examination procedures,\n  depository institution\xe2\x80\x99s record in\n                                                    using the lending and community\n  helping meet the credit needs of its\n                                                    development tests to assess ISBs.\n  entire community be periodically\n                                                    However, we noted one area where\n  evaluated and publicly reported. In\n                                                    examiner guidance could be improved\n  2005, the federal banking agencies\n                                                    regarding the implementation of the\n  amended their CRA regulations\n                                                    ISB community development test and\n  which created a new class of small\n                                                    the presentation of the results in the\n  institutions (intermediate small\n                                                    PE reports to support test conclusions.\n  banks, or ISBs) with reduced CRA\n  reporting requirements and more                     Also, it may be premature to establish\n  flexibility in meeting CRA goals.                 outcome-oriented performance\n                                                    measures for the amendments\n    During the reporting period, we\n                                                    made to the CRA regulations. Still,\n  conducted an audit to determine\n                                                    developing a strategy to determine\n  whether the FDIC has (1) issued\n                                                    whether the 2005 amendments to the\n  institution and examination\n                                                    CRA regulations have provided the\n  guidance that addresses the 2005\n                                                    intended regulatory relief for smaller\n  amendments to the CRA regulations\n                                                    community banks and preserved the\n  and (2) established outcome-oriented\n                                                    importance of community development\n  performance measures to determine\n                                                    will allow the FDIC to proactively\n  if the amended regulations have\n                                                    assess the impact of the amendments\n  provided the intended regulatory\n                                                    made to the CRA regulations.\n  relief for smaller community banks\n  and preserved the importance                       We therefore recommended that the\n  of community development.                         Director, DSC, (1) enhance examiner\n\n36 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cguidance to ensure examiners                 compliance management systems\nprovide complete support in the PE           during compliance examinations.\nreports for their conclusions for the\n                                             ECU Works to Curtail Identity\ncommunity development test, (2)\n                                             Theft and Misrepresentation of\ndevelop examiner guidelines that\n                                             FDIC Insurance or Affiliation\nincorporate the use of comparative\nmeasures within the performance                Identity theft continues to become\nanalysis, and (3) develop a strategy         more sophisticated, and the number\nfor measuring CRA activities as a            of victims is growing. Identity theft\nresult of the amendments made to the         includes using the Internet for\nregulations. DSC management agreed           crimes such as \xe2\x80\x9cphishing\xe2\x80\x9d emails\nto implement the first recommendation        and \xe2\x80\x9cpharming\xe2\x80\x9d Web sites that\nand will raise the remaining two with        attempt to trick people into divulging\nthe other federal banking agencies           their private financial information.\nfor interagency consideration.               Schemers pretend to be legitimate\n                                             businesses or government entities\nOngoing Audit Work\n                                             with a need for the information that\n  The FDIC uses its compliance               is requested. The OIG's Electronic\nexamination process to ascertain             Crimes Unit (ECU) responds to\nthe effectiveness of an institution's        such phishing and pharming scams\nprogram for complying with consumer          involving the FDIC and the OIG.\nprotection laws and regulations. DSC\n                                               Unscrupulous individuals also\ncompliance examinations combine a\n                                             sometimes attempt to misuse the\nrisk-based examination process with an\n                                             FDIC\xe2\x80\x99s name, logo, abbreviation,\nin-depth evaluation of an institution\xe2\x80\x99s\n                                             or other indicators to suggest that\ncompliance management system,\n                                             deposits or other products are fully\nresulting in a top-down, risk-focused\n                                             insured. Such misrepresentations\nexamination approach. A financial\n                                             induce the targets of schemes to trust\ninstitution must develop and maintain\n                                             in the strength of FDIC insurance\na sound compliance management\n                                             while misleading them as to the true\nsystem that is integrated into the\n                                             nature of the insurance investments\noverall risk management strategy of\n                                             being offered. Abuses of this nature\nthe institution. Audit work currently\n                                             harm consumers and can also erode\nunderway will determine whether DSC\n                                             public confidence in federal deposit\nis adequately assessing institutions'\n\n                              Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 37\n\x0c  insurance. Our ECU has a role to                  OIG Hosts Colombian Delegation\n  play in combating such schemes.\n                                                      The OIG\xe2\x80\x99s work in combating cyber-\n    During the reporting period, the                crime is often of interest to others\n  ECU opened four new cases related                 in the law enforcement community.\n  to phishing involving the FDIC. In                During the reporting period we hosted\n  three of the new cases, the ECU was               a delegation of law enforcement\n  able to have the fraudulent Web sites             officials from the Colombian National\n  deactivated. The ECU continues to                 Police. The visit was sponsored by the\n  investigate the fourth new phishing               U.S. State Department\xe2\x80\x99s Bureau of\n  case. The ECU was also able to have               Diplomatic Security, Office of Anti-\n  three other fraudulent FDIC-related               Terrorism Assistance, Cyber-Terrorism\n  phishing Web sites deactivated that               Training Program. As part of the\n  were part of previously opened cases.             State Department\xe2\x80\x99s program, the\n                                                    Colombian group visited a number\n    Additionally, the ECU investigated\n                                                    of federal law enforcement entities\n  two new instances of Web sites that\n                                                    to gain an understanding of what\n  falsely advertised FDIC insurance.\n                                                    is required to establish and operate\n  In both cases, the ECU was able to\n                                                    a large-scale investigative function\n  have the Web site deactivated or the\n                                                    to fight cyber-crimes. Of particular\n  reference to FDIC insurance removed.\n                                                    interest to the Colombian group was\n    Finally, the ECU continued to                   how the OIG\xe2\x80\x99s electronic labs are set\n  work an investigation involving a                 up, how the OIG manages evidence\n  scam where banks are requested                    in storage, and how the lab deals\n  to send confidential information by               with a large-scale chain of evidence.\n  fax to an entity purported to be the              The delegation was grateful for the\n  FDIC. The faxes go to a service that              opportunity to visit the FDIC and\n  converts them to email and sends                  presented the OIG representatives\n  the information to free, untraceable              with U.S. State Department certificates\n  email addresses. During the reporting             of appreciation for having \xe2\x80\x9cmade\n  period, the ECU had two fax numbers               a significant contribution to the\n  deactivated. The ECU has previously               government of Colombia\xe2\x80\x99s fight\n  had ten fax numbers associated                    against cyber-terrorism.\xe2\x80\x9d\n  with this scam deactivated.\n\n\n\n38 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                          Strategic Goal 4:\n                          Receivership Management:\n                          Help Ensure that the FDIC is\n                          Ready to Resolve Failed Banks\n                          and Effectively Manages\n                          Receiverships\n\n\n\n\nT The United States provides protection\nto depositors in its banks, savings\nand loan associations, and credit\n                                               customers, general creditors, and\n                                               those with approved claims.\n                                                 The FDIC\xe2\x80\x99s resolution and\nunions. One of the key players in this\n                                               receivership activities pose tremendous\nprocess is the FDIC. Among its various\n                                               challenges. Today record profitability\nfunctions, the FDIC acts as the receiver\n                                               and capital in the banking industry\nor liquidating agent for failed FDIC-\n                                               have led to a substantial decrease\ninsured institutions. The success of the\n                                               in the number of financial institution\nFDIC\xe2\x80\x99s efforts in resolving troubled\n                                               failures compared to prior years.\ninstitutions has a direct impact on the\n                                               However, as indicated by the trends\nbanking industry and on the taxpayers.\n                                               in mergers and acquisitions, banks\n  The Division of Resolutions and              are becoming more complex, and the\nReceiverships (DRR) exists to plan             industry is consolidating into larger\nand efficiently handle the resolutions         organizations. As a result, the FDIC\nof failing FDIC-insured institutions           could potentially have to handle a\nand to provide prompt, responsive,             failing institution with a significantly\nand efficient administration of failing        larger number of insured deposits than\nand failed financial institutions in           it has had to deal with in the past.\norder to maintain confidence and\n                                                 The change between how the\nstability in our financial system.\n                                               FDIC handled resolutions and\n  \xe2\x80\xa2 The resolution process involves            receiverships 20 years ago and how\nvaluing a failing federally insured            it will be handling them 20 years\ndepository institution, marketing it,          from now will be largely based on\nsoliciting and accepting bids for the          learning to anticipate and plan,\nsale of the institution, determining           instead of reacting. Through the\nwhich bid to accept, and working               development of new resolution\nwith the acquiring institution                 strategies within the various DRR\nthrough the closing process.                   business lines, the FDIC must set\n                                               far-reaching plans for the future to\n \xe2\x80\xa2 The receivership process involves\n                                               keep pace with a changing industry.\nperforming the closing function\nat the failed bank; liquidating any              The OIG\xe2\x80\x99s role under this strategic\nremaining assets; and distributing             goal is targeting audits and evaluations\nany proceeds to the FDIC, the bank             that assess the effectiveness of the\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 39\n\x0c  FDIC\xe2\x80\x99s various programs designed                  OIG Work in Support of Goal 4\n  to ensure that the FDIC is ready                    DRR has the primary responsibility\n  to and does respond promptly,                     for resolving failed FDIC-insured\n  efficiently, and effectively to financial         institutions promptly, efficiently, and\n  institution closings. Additionally, the           responsively to maintain public\n  OIG investigative authorities are                 confidence in the nation\xe2\x80\x99s financial\n  used to pursue instances where fraud              system. In performing their duties,\n  is committed to avoid paying the                  DRR personnel have access to a\n  FDIC civil settlements, court-ordered             wide variety of records containing\n  restitution, and other payments as the            sensitive information concerning\n  institution receiver. The OIG will also           bank employees and customers. Prior\n  continue to work with FDIC officials              OIG work focused on DRR efforts to\n  to keep abreast of the ongoing                    protect such information in hardcopy\n  efforts being taken by DRR and the                form. Currently we are conducting\n  Corporation as a whole, to sustain                an audit to evaluate the design and\n  proficiency in resolution activity and to         implementation of selected controls\n  prepare for the possibility of a large            established by DRR to safeguard\n  institution failure or multiple failures          sensitive information collected and\n  caused by a single catastrophic event.            maintained in electronic form as a\n    To help ensure the FDIC is                      result of resolution and receivership\n  ready to resolve failed banks and                 activity at FDIC-insured institutions.\n  effectively manages receiverships,                  With respect to other ongoing work,\n  the OIG\xe2\x80\x99s 2007 performance                        one of the greatest risks to the Deposit\n  goals are as follows:                             Insurance Fund and public confidence\n    \xe2\x80\xa2 Evaluate the FDIC\xe2\x80\x99s plans and                 in the nation\xe2\x80\x99s financial system would\n      systems for managing bank                     be the failure of a large bank. The\n      resolutions.                                  FDIC has put plans in place to deal\n                                                    with the possibility of a large bank\n    \xe2\x80\xa2 Respond to potential crimes\n                                                    failure, and in that regard it undertook\n      affecting the FDIC\xe2\x80\x99s efforts to\n                                                    a Strategic Readiness Project in January\n      recover financial losses.\n                                                    2007. The purpose of the project is\n                                                    to create a simulation that will stress\n                                                    the decision-making associated\n                                                    with a large bank failure, enhance\n\n40 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cthe FDIC\xe2\x80\x99s ability to determine an            Former CEO of Sunbelt Savings\neffective resolution strategy, advance        Sentenced to 8 Years in Prison\nknowledge of the process, and identify\n                                                On October 20, 2006, in the U.S.\nlessons learned. A steering committee\n                                              District Court for the Northern District\nof FDIC executives is leading the\n                                              of Texas, the former Chief Executive\nproject and Corporate University is\n                                              Officer (CEO) of the now defunct\ndirecting it. A contractor has been\n                                              Sunbelt Savings and Loan of Dallas,\nhired to design the simulation. During\n                                              Texas, was sentenced to 97 months'\nthe reporting period, the OIG has\n                                              incarceration and ordered to pay a\nbeen monitoring the project. We\n                                              criminal forfeiture of $2,054,366 to\nneed to be ready for any large failure\n                                              the U.S. Government and restitution in\nwhen fraud is a contributing factor.\n                                              the amount of $312,828 to the FDIC.\nWe also need to be prepared to\nreview the circumstances that cause             After a week-long trial in January\na large bank failure and make                 2006, the former CEO was convicted\nrecommendations, if appropriate, to           on all 27 counts of a superseding\nstrengthen the regulatory process.            indictment that charged him with 6\n                                              counts of mail fraud, 11 counts of\n  From an investigative standpoint,\n                                              making false statements, 9 counts of\nthe sentencing in one of our cases\n                                              concealing assets from the FDIC, and\nduring the reporting period illustrates\n                                              one count of money laundering. At\nthe nature of the work we do in\n                                              a separate hearing, the court found\nconcealment of assets investigations\n                                              that the former CEO was subject to\nto protect the FDIC\xe2\x80\x99s interests as\n                                              $2,054,366 in cash forfeitures.\nreceiver of a failed institution, as\ndiscussed below. We do such work                The former CEO pleaded guilty\nin furtherance of our performance             in 1990 to federal fraud charges\ngoal related to the FDIC's efforts            in connection with the collapse of\nto recover financial losses.                  Sunbelt, which lost approximately\n                                              $2 billion during the 1980s. In the\n                                              criminal case against him, he was\n                                              ordered to pay back $7.5 million\n                                              to the FDIC and $8.5 million in a\n                                              civil judgment. His plea agreement\n                                              required him to relinquish a\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 41\n\x0c  portion of his income to repay the\n  obligation, with the percentage\n  increasing as income increased.\n    Going back to July 1993, the\n  former CEO engaged in a scheme to\n  defraud the FDIC of its payments by\n  creating a trust, known as the Oslin\n  Nation Trust. The former CEO used\n  the trust to conceal earnings from his\n  business, and pay his personal and\n  legal expenses, and accounting fees.\n  The former CEO made false monthly\n  reports to the U.S. Probation Office\n  to conceal hundreds of thousands\n  of dollars from the FDIC in order\n  to avoid the payments required\n  by the FDIC restitution order.\n   We investigated this case with assistance\n  from the FDIC Legal Division. The\n  U.S. Attorney\xe2\x80\x99s Office for the Northern\n  District of Texas prosecuted the case.\n\n\n\n\n42 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                    Strategic Goal 5:\n                                    FDIC Resources\n                                    Management: Promote\n                                    Sound Governance and\n                                    Effective Stewardship\n                                    and Security of Human,\n                                    Financial, IT, and\n                                    Physical Resources\n\nT The FDIC manages and utilizes a\nnumber of critical strategic resources\nto carry out its mission successfully,\nparticularly its human, financial, IT, and\n                                               business processes; and redirect\n                                               resources from transaction processing\n                                               to analysis, risk management,\n                                               and decision support.\nphysical resources. The Corporation\n                                                 Financial resources are but one\ndoes not receive an annual\n                                               aspect of the FDIC\xe2\x80\x99s critical assets.\nappropriation, except for its OIG, but\n                                               The Corporation\xe2\x80\x99s human capital is\nrather is funded by the premiums that\n                                               also vital to its success. Because of\nbanks and thrift institutions pay for\n                                               the projected retirements of a large\ndeposit insurance coverage, the sale\n                                               number of long-serving employees,\nof assets recovered from failed banks\n                                               the FDIC has made efforts to reshape\nand thrifts, and from earnings on\n                                               its workforce with the implementation\ninvestments in U.S. Treasury securities.\n                                               of the Corporate Employee Program,\n  The Board approved a $1.1 billion            the Succession Management Program,\ncorporate operating budget for                 and the Leadership Development\n2007, approximately 4.6 percent                Program. Throughout the reshaping\nhigher than for 2006. The approved             of its workforce, the FDIC maintains\nbudget provides funding for additional         its commitment to a working\ncompliance examiners, increased                environment of high integrity and\nemployee training, enhanced IT security        to the achievement of its mission.\nand privacy programs, and completion\n                                                 Technological advances have\nof systems changes required to support\n                                               produced tools that all workers\nthe implementation of deposit insurance\n                                               today would be lost without. IT\nreform. The Corporation\xe2\x80\x99s 2007\n                                               drives and supports the manner in\nspending on multi-year investment\n                                               which the public and private sector\nprojects separately approved by the\n                                               conduct their work. At the FDIC, the\nBoard is expected to be approximately\n                                               Corporation seeks to leverage IT to\n$19 million to $23 million.\n                                               support its business goals in insurance,\n The Corporation is continuing to              supervision and consumer protection,\noperate in the context of its New              and receivership management, and\nFinancial Environment, intended to             to improve the operational efficiency\nmeet current and future financial              of its business processes. The\nmanagement and financial information           financial services industry employs\nneeds; improve corporate financial             technology for similar purposes.\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 43\n\x0c    Along with the positive benefits that IT        operational during any emergencies,\n  offers comes a certain degree of risk.            including threats to public health\n  In that regard, information security              such as a pandemic influenza.\n  has been a long-standing and widely\n                                                      The Federal Deposit Insurance Act\n  acknowledged concern among federal\n                                                    empowers the FDIC to enter into\n  agencies. The E-Government Act of\n                                                    contracts to procure goods and\n  2002 recognized the importance of\n                                                    services. Over the past several years,\n  information security. Title III of the E-\n                                                    the Corporation has increased its\n  Government Act, entitled the Federal\n                                                    reliance on outsourcing for services\n  Information Security Management\n                                                    such as IT infrastructure support, IT\n  Act, requires each agency to develop,\n                                                    application system development, and\n  document, and implement an agency-\n                                                    facilities maintenance. As of March\n  wide information security program\n                                                    2006, the value of the FDIC\xe2\x80\x99s active\n  to provide adequate security for the\n                                                    contracts totaled over $1.6 billion.\n  information and information systems\n                                                    Also, a number of new contracting\n  that support the operations and assets\n                                                    vehicles have been implemented. For\n  of the agency. Section 522 of the\n                                                    example, the Corporation combined\n  Consolidated Appropriations Act of\n                                                    approximately 40 IT-related contracts\n  2005 requires agencies to establish\n                                                    into one contract with multiple\n  and implement comprehensive privacy\n                                                    vendors for a total program value of\n  and data protection procedures\n                                                    approximately $555 million over 10\n  and have an independent third-\n                                                    years. Also for the first time the FDIC\n  party review performed of their\n                                                    used a large technical infrastructure\n  privacy programs and practices.\n                                                    contract through the General\n    Business continuity and disaster                Services Administration valued at\n  recovery are foremost concerns                    over $340 million over 5 years.\n  to all federal agencies. The FDIC\n                                                     As an integral part of its stewardship\n  must be sure that its emergency\n                                                    of the insurance funds, the FDIC\n  response plans provide for the\n                                                    has established a risk management\n  safety and physical security of its\n                                                    and internal control program.\n  human resources and ensure that\n                                                    The Office of Enterprise Risk\n  its business continuity planning\n                                                    Management (OERM) is the corporate\n  and disaster recovery capabilities\n                                                    oversight manager for internal\n  keep critical business functions\n                                                    controls and risk management.\n\n44 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cOERM works in partnership with                     OIG Work in Support of Goal 5\nall FDIC divisions and offices,                    The FDIC\xe2\x80\x99s Succession\nhelping them to identify, evaluate,                Planning Efforts\nmonitor, and manage their risks.\n                                                     Our Evaluations group conducted\n  To promote sound governance                      a review of the FDIC\xe2\x80\x99s succession\nand effective stewardship of FDIC                  planning efforts to identify and address\nstrategic resources, the OIG\xe2\x80\x99s 2007                future critical staffing and leadership\nperformance goals are as follows:                  needs. We evaluated whether the\n \xe2\x80\xa2 Evaluate corporate efforts                      FDIC\xe2\x80\x99s succession planning initiatives\n   to fund operations efficiently,                 were consistent with the seven key\n   effectively, and economically.                  principles for effective succession\n                                                   planning management identified\n \xe2\x80\xa2 Assess corporate human\n                                                   by GAO, the Office of Personnel\n   capital strategic initiatives.\n                                                   Management, the Corporate\n \xe2\x80\xa2 Promote integrity in FDIC                       Leadership Council, and the National\n   internal operations.                            Academy of Public Administration.\n \xe2\x80\xa2 Promote alignment of IT with the                 We found that the FDIC has\n   FDIC\xe2\x80\x99s business goals and                       recently put initiatives in place\n   objectives.                                     and is developing others that are\n                                                   consistent with seven key principles:\n \xe2\x80\xa2 Promote IT security measures that\n   ensure the confidentiality, integrity,           \xe2\x80\xa2 Commitment and active support\n   and availability of corporate                      of top leadership.\n   information.\n                                                    \xe2\x80\xa2 A direct link between the\n \xe2\x80\xa2 Promote personnel and physical                     organization\xe2\x80\x99s mission and its\n   security.                                          strategic plan and outcomes.\n \xe2\x80\xa2 Evaluate corporate contracting                   \xe2\x80\xa2 Identification of the critical\n   efforts.                                           skills and competencies that\n                                                      will be needed to achieve current\n \xe2\x80\xa2 Monitor corporate risk\n                                                      and future programmatic goals.\n   management and\n   internal control efforts.                        \xe2\x80\xa2 Development of strategies to\n                                                      address gaps in mission\n                                                      critical and other key positions.\n\n                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 45\n\x0c    \xe2\x80\xa2 Leadership training programs                  and regional offices. The BCPs include\n      that include formal and informal              procedures for relocating essential\n      training for all levels of supervisors,       personnel; resuming and restoring\n      managers, and potential leaders.              FDIC critical business processes;\n                                                    and recovering and reconstituting\n    \xe2\x80\xa2 Strategies for addressing\n                                                    supporting IT systems. Identifying\n      specific human capital\n                                                    essential contracts and ensuring\n      challenges, such as diversity,\n                                                    that contracts provide for services\n      leadership capacity, and retention.\n                                                    in the event of a BCP scenario\n    \xe2\x80\xa2 A process for evaluating the costs            are critical to FDIC operations.\n      and benefits of succession planning\n                                                      We conducted an audit to determine\n      efforts and the return on investment\n                                                    whether the FDIC has planned for\n      it provides for the organization.\n                                                    essential contract services to be\n    We limited the results of this review           provided in the event of an emergency\n  to describing and providing the                   that requires implementation of the\n  status of the FDIC\xe2\x80\x99s current and                  FDIC\xe2\x80\x99s BCP. We reported that the\n  planned initiatives. We did not                   FDIC has done so and is continuing\n  make recommendations but noted                    to improve contract management\n  in the report that the initiatives                for business continuity. It has\n  should be assessed at a later date                identified most essential contracts\n  to determine their effectiveness in               for business continuity purposes and\n  achieving the desired outcomes.                   modified many of those contracts\n  FDIC\xe2\x80\x99s Contract Planning                          to include emergency preparedness\n  and Management for                                clauses. It also has a process in\n  Business Continuity                               place to update its list of essential\n                                                    contracts in the BCP annually.\n   The Federal Emergency Management\n  Agency has issued guidance for                     We noted that the FDIC could further\n  agencies to use in developing                     improve its contract planning and\n  continuity of operations plans. The               management for business continuity by:\n  FDIC\xe2\x80\x99s Emergency Preparedness                       \xe2\x80\xa2 enhancing BCP procedures and the\n  Program establishes the FDIC\xe2\x80\x99s                        Business Impact Analysis questionnaire\n  business continuity policy and requires               to require documentation of all essential\n  Business Continuity Plans (BCP) to be                 contracts, including detailed information\n  established in the FDIC\xe2\x80\x99s headquarters                about each contract;\n46 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c \xe2\x80\xa2 requiring program offices to include       review performed of their privacy\n   emergency preparedness clauses             programs and practices. The objective\n   in the Statement of Work for               of the section 522 audit was to (1)\n   essential contracts and subcontracts       evaluate the FDIC\xe2\x80\x99s use of information\n   to ensure that business                    in an identifiable form (IIF) and the\n   continuity is considered in the            FDIC\xe2\x80\x99s privacy and data protection\n   procurement process; and                   procedures and (2) recommend\n \xe2\x80\xa2 amending acquisition policy                strategies and specific steps to\n   and procedures and BCP policy              improve the FDIC\xe2\x80\x99s privacy and data\n   to require that essential contractors      protection management practices.\n   (a) have emergency plans for                 In fulfilling its legislative mandate\n   providing services to the FDIC in          of insuring deposits, supervising\n   the event of a disruption of normal        financial institutions, and managing\n   operations and (b) participate in          receiverships, the FDIC creates\n   the FDIC\xe2\x80\x99s business continuity             and acquires a significant amount\n   testing, training, and                     of IIF. Such IIF includes names,\n   exercise activities.                       addresses, Social Security numbers,\n We made three recommendations.               phone numbers, dates of birth, and\nManagement concurred and                      credit report information. Much\nquickly completed corrective                  of the information managed by\nactions to address our concerns.              the FDIC falls within the scope of\n                                              several statutes and regulations\nFDIC\xe2\x80\x99s Compliance with Section                intended to protect such information\n522 of the Consolidated                       from unauthorized disclosure.\nAppropriations Act, 2005\n                                                We reported that the FDIC has\n We contracted with KPMG                      established a corporate-wide privacy\nLLP (KPMG) to audit the FDIC\xe2\x80\x99s                program to protect the IIF it manages\ncompliance with section 522 of the            from unauthorized disclosure and\nConsolidated Appropriations Act,              ensure its appropriate use consistent\n2005. Section 522 requires, among             with section 522. Of particular\nother things, that agencies establish         note, the FDIC has appointed a\nand implement comprehensive privacy           Chief Privacy Officer with overall\nand data protection procedures and            responsibility for the FDIC\xe2\x80\x99s privacy\nhave an independent third-party               program, issued or drafted policies\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 47\n\x0c  and procedures for safeguarding IIF,                  employee and contractor awareness\n  and posted a privacy statement on the                 to physically safeguard IIF in their\n  FDIC\xe2\x80\x99s public Web site. Additionally,                 custody;\n  the FDIC has performed privacy\n                                                      \xe2\x80\xa2 ensure that privacy impact\n  impact assessments on its systems\n                                                       assessments posted on the\n  identified as containing IIF, completed\n                                                       FDIC\xe2\x80\x99s public Web site\n  required Privacy Act-related reviews,\n                                                       adequately describe the FDIC\xe2\x80\x99s\n  and implemented mandatory Web-\n                                                       collection and use of IIF; and\n  based privacy awareness training\n  for its employees and contractors.                  \xe2\x80\xa2 enhance the FDIC\xe2\x80\x99s systems\n  Further, the FDIC was working to                     development life cycle processes\n  complete a number of key initiatives to              to fully address privacy.\n  strengthen its privacy program policies,           The FDIC agreed with the\n  procedures, and practices and ensure              recommendations and is taking\n  compliance with federal privacy-related           responsive actions.\n  statutes, policies, and guidelines.\n                                                    Interagency Agreement\n    Consistent with the intent of section           with the General Services\n  522, our report identifies areas of the           Administration for the\n  FDIC\xe2\x80\x99s privacy program warranting                 Infrastructure Services Contract\n  continued management attention and\n  recommends strategies and specific                  In March 2004, the FDIC entered\n  steps that management should take to              into an interagency agreement with\n  ensure adequate protection of its IIF.            the General Services Administration\n                                                    (GSA) for IT support services. Under\n    Our report recommended that                     GSA\xe2\x80\x99s Federal Systems Integration\n  the Chief Privacy Officer:                        Management Center (FEDSIM)\n    \xe2\x80\xa2 enhance the FDIC\xe2\x80\x99s privacy                    Millennia contract, GSA issued the\n     program by integrating key ongoing             Infrastructure Services Contract (ISC)\n     and planned program control                    to SRA International, Inc. (SRA) for IT\n     activities into a formal documented            support services for the Corporation.\n     plan;                                          According to the Board Case approved\n                                                    by the FDIC\xe2\x80\x99s Board of Directors,\n    \xe2\x80\xa2 implement additional measures to\n                                                    the contract consolidated 37 FDIC\n     ensure that IIF is properly secured;\n                                                    infrastructure support contracts. The\n    \xe2\x80\xa2 place additional emphasis on                  ISC\xe2\x80\x99s approved total value, including\n48 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cfour 1-year contract option periods,          assess the reasonableness of the\nis $357 million. The FDIC\xe2\x80\x99s Division          ISC staffing and management plans.\nof Information Technology (DIT) has           Management\xe2\x80\x99s planned actions are\nassumed responsibility for contract           responsive to our recommendations.\nmanagement and oversight.\n                                              Management Report:\n  We conducted an audit to determine          Independent Evaluation\nwhether (1) controls are adequate to          of the FDIC\xe2\x80\x99s Information\nensure that work performed under              Security Program-2006\nthe ISC complies with the contract\xe2\x80\x99s\n                                               We issued a report to management\nterms and conditions and (2) this\n                                              with more detailed information\ncontracting method has produced the\n                                              regarding certain security control\nintended results. We determined that\n                                              concerns identified in our September\nthe combination of controls established\n                                              2006 report entitled, Independent\nby the FDIC and those assigned to\n                                              Evaluation of the FDIC\xe2\x80\x99s Information\nFEDSIM through the interagency\n                                              Security Program-2006. We made\nagreement were adequate to ensure\n                                              recommendations for control\nthat work under the ISC complied with\n                                              improvements, where appropriate. The\nthe contract terms and conditions.\n                                              report contains sensitive information\nAlso, the ISC has substantially achieved\n                                              regarding information security\nthe Corporation\xe2\x80\x99s desired results,\n                                              and is not publicly available.\nas presented in the Board Case.\n                                              OIG Policy Reviews\n  The report makes three\nrecommendations intended to                     During the reporting period,\nstrengthen DIT\xe2\x80\x99s monitoring and               we reviewed 21 draft corporate\noversight. DIT management concurred           policies and raised policy issues for\nwith the recommendations and will             consideration in the following draft\ndocument the activities to provide            documents: Protecting Sensitive\na more structured methodology for             Information, Planning and Budget\nevaluating the ISC\xe2\x80\x99s performance;             Processes, Emergency Preparedness\nestablish a process for presenting and        Program, Student Educational\nobtaining senior management approval          Employment Program, and Express\nfor contract line item allocations; and       Mail Service. Our comments are\ndevelop a process for conducting              incorporated in final policy, as\nperiodic program-wide reviews to              determined by FDIC management.\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 49\n\x0c  Ongoing Audit and\n  Evaluation Work\n    Ongoing work in this strategic\n  goal area includes a review of the\n  Corporation\xe2\x80\x99s process for issuing task\n  orders under the $554.8 million IT\n  application services basic ordering\n  agreements. We are determining\n  whether there is a proper balance\n  between the timely issuance of task\n  orders and the maintenance of proper\n  controls. We are also completing\n  our evaluation of the FDIC\xe2\x80\x99s Use of\n  Performance Measures. This review\n  is examining how the FDIC meets\n  requirements of the Government\n  Performance and Results Act and also\n  addresses other performance metrics\n  used by the Corporation. Finally, we\n  are assessing the extent to which the\n  FDIC has implemented an enterprise\n  risk management program consistent\n  with applicable government-wide\n  guidance and implementation of the\n  Office of Enterprise Risk Management\xe2\x80\x99s\n  September 2006 circular outlining the\n  FDIC\xe2\x80\x99s risk management program.\n\n\n\n\n50 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                           Strategic Goal 6:\n                                           OIG Internal\n                                           Processes: Build\n                                           and Sustain a High-\n                                           Quality OIG Work\n                                           Environment\n\n\n\n\nW While the OIG is focused on the FDIC\xe2\x80\x99s programs and operations, we have an\ninherent obligation to hold ourselves to the highest standards of performance\nand conduct. Like any organization, we have processes and procedures for\nconducting our work; communicating with our clients, staff, and stakeholders;\nmanaging our financial resources; aligning our human capital to our mission;\nstrategically planning and measuring the outcomes of our work; maximizing the\ncost-effective use of technology; and ensuring our work products are timely, value-\nadded, accurate, and complete and meet applicable professional standards.\n To build and sustain a high-quality OIG work environment, the OIG\xe2\x80\x99s 2007\nperformance goals are as follows:\n \xe2\x80\xa2 Encourage individual growth                 \xe2\x80\xa2 Ensure quality and efficiency\n   through personal development;                 of OIG audits, evaluations,\n                                                 investigations, and other operations;\n \xe2\x80\xa2 Strengthen human capital\n   management and leadership                   \xe2\x80\xa2 Enhance strategic and annual\n   development;                                  performance planning and\n                                                 performance measurement; and\n \xe2\x80\xa2 Foster good client, stakeholder,\n   and staff relationships;                    \xe2\x80\xa2 Invest in cost-effective and secure IT.\n\nEncourage Individual Growth\nThrough Personal Development                   training and development programs\n                                               in the interest of creating long-\n  \xe2\x9d\x96 Completed pilot training and               term training and development\ndevelopment plans for 2007 for                 plans for OA, OE, and OI.\nauditors, evaluators, and investigators.\nThe plans reflect a minimum                      \xe2\x9d\x96 As part of the communication of\nrequirement of 44 hours of training            the training and development plans,\nto be taken by auditors and program            staff are encouraged to attain relevant\nanalysts in the Office of Audits (OA)          professional certifications. We held\nand the Office of Evaluations (OE) and         a meeting in March 2006 to discuss\na minimum requirement of 64 hours              the pilot training and development\nof training for criminal investigators         plans and career development plans\nin the Office of Investigations (OI).          with OIG executives and managers\nInformation has been gathered from             to underscore our commitment\nother OIGs and GAO on existing                 to employee development.\n\n                               Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 51\n\x0c    \xe2\x9d\x96 Surveyed the six OIG pilot                      \xe2\x9d\x96 Developed an end-of-assignment\n  mentoring program participants                    feedback form for OA and OE that\n  regarding their 2006 experience                   was endorsed by senior OA/OE\n  and compiled the feedback. We                     management and the Inspector\n  passed along recommendations to                   General. We communicated the\n  the Inspector General for the future              intent of the feedback mechanism,\n  of the OIG mentoring program. In                  use of the form, retention schedule,\n  January 2007 we announced the                     and review process. Explained the\n  OIG\xe2\x80\x99s 2007 mentoring program. The                 tool at the March executive and\n  OIG now has 7 mentoring pairs. All                manager meeting. Periodic meetings\n  14 mentors and mentorees attended                 with staff will be held to assess the\n  the Corporation\xe2\x80\x99s Orientation                     success of the process and address\n  Program in March 2007 and                         any necessary modifications.\n  continue to explore ways to enhance\n                                                      \xe2\x9d\x96 Took a number of steps to update\n  the OIG\xe2\x80\x99s mentoring program.\n                                                    the OIG\xe2\x80\x99s business continuity and\n  Strengthen Human                                  emergency preparedness plans,\n  Capital Management and                            including updating emergency contact\n  Leadership Development                            information, designating shelter-in-\n                                                    place rooms in OIG office space\n    \xe2\x9d\x96 The 2007 pilot training and\n                                                    in coordination with the Division of\n  development plans for OIG staff\n                                                    Administration, and coordinating\n  include 8 hours of leadership training\n                                                    with DIT on the installation of\n  for each person. Information is being\n                                                    telephones in shelter-in-place rooms.\n  gathered from Corporate University\n  (CU), other OIGs, and GAO on                        \xe2\x9d\x96 Worked with the OIG Information\n  existing training and development                 Security Manager to ensure that all\n  programs, including leadership                    OIG employees have a \xe2\x80\x9cSafeword\xe2\x80\x9d\n  development programs. We plan to                  token. The tokens will allow employees\n  discuss establishing an OIG Leadership            to remotely access the FDIC network\n  Development Program, using the CU                 in an emergency situation.\n  Leadership Development Program\n                                                     \xe2\x9d\x96 Assessed Emergency Response\n  as a framework for incorporating\n                                                    Plans and Business Continuity\n  unique OIG requirements.\n                                                    Plans in place at OIG regions\n                                                    and suggested enhancements.\n\n\n52 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cFoster Good Client, Stakeholder,                \xe2\x9d\x96 Held quarterly meetings with FDIC\nand Staff Relationships                        Directors and other senior officials to\n  \xe2\x9d\x96 Maintained Congressional                   keep them apprised of ongoing audit\nworking relationships by providing             and evaluation reviews and results.\nSemiannual Report to the Congress                \xe2\x9d\x96 Kept DSC, DRR, Legal, and other\nfor the 6-month period ending                  FDIC program offices informed of the\nSeptember 30, 2006, communicating              status and results of our investigative\nwith interested congressional                  work impacting their respective offices.\nparties regarding the OIG\xe2\x80\x99s work               This is accomplished by issuing\non Office of Foreign Assets Control            e-mails to FDIC program offices on\nand challenges regarding predatory             recent actions in OIG cases and\nlending, and attending FDIC-related            OI\xe2\x80\x99s quarterly reports to DSC, DRR,\nhearings on issues of concern to               Legal, and the Chairman\xe2\x80\x99s Office\nvarious oversight committees.                  outlining activity and results in our\n  \xe2\x9d\x96 Developed OIG congressional                cases involving closed and open\nprotocols and shared draft                     banks, and asset and debt cases.\nprotocols with the FDIC\xe2\x80\x99s Director              \xe2\x9d\x96 Participated at Audit Committee\nof the Office of Legislative Affairs,          meetings and presented results\nthen shared the draft protocols                of significant assignments for\nwith the FDIC Chairman.                        consideration by Committee members.\n  \xe2\x9d\x96 Communicated with the                        \xe2\x9d\x96 Identified the following\nChairman and Vice Chairman                     management and performance\nthrough the Inspector General\xe2\x80\x99s                challenges facing the Corporation\nregularly scheduled meetings with              and provided a detailed write-up\nthem and through other forums.                 of the challenges for inclusion in\n \xe2\x9d\x96 Submitted our fiscal year 2008              the Corporation\xe2\x80\x99s Performance and\nbudget request totaling $26.8                  Accountability Report: addressing\nmillion to the Office of Management            risks in large banks; maintaining\nand Budget in November 2006                    strong regulatory capital standards;\nand to cognizant congressional                 implementing deposit insurance\ncommittees in February 2007. We                reform; maintaining an effective\nshared these and related documents             examination and supervision program;\nwith senior corporate officials.               granting insurance to and supervising\n\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 53\n\x0c  industrial loan companies; guarding                 \xe2\x9d\x96 Elected new members of the OIG\xe2\x80\x99s\n  against financial crimes in insured               Employee Advisory Group in January\n  institutions; safeguarding the privacy            2007. The new Employee Advisory\n  of consumer information; promoting                Group is comprised of three employees\n  fairness and inclusion in the delivery of         from OI, two employees from OA,\n  information, products, and services to            and one employee each from OE\n  consumers and communities; ensuring               and the Office of Management.\n  compliance with consumer protection\n                                                      \xe2\x9d\x96 Continued to post and/or\n  laws and regulations and follow-up on\n                                                    update information on the FDIC\n  violations; being ready for potential\n                                                    OIG internet (www.fdicig.gov) and\n  institution failures; and promoting\n                                                    intranet sites to ensure transparency\n  sound governance and managing\n                                                    and accessibility to OIG products,\n  and protecting human, financial,\n                                                    including Semiannual Reports to the\n  information technology, physical, and\n                                                    Congress, OIG 2007 Business Plan,\n  procurement resources. We continue\n                                                    audit and evaluation reports, and\n  to work cooperatively with stakeholders\n                                                    investigation-related press releases.\n  to address these challenges.\n                                                    Ensure Quality and\n    \xe2\x9d\x96 Participated with other OIGs\n                                                    Efficiency of OIG Audits,\n  in the President\xe2\x80\x99s Council on\n                                                    Evaluations, Investigations,\n  Integrity and Efficiency (PCIE),\n                                                    and Other Operations\n  including attending monthly\n  PCIE meetings and participating                     \xe2\x9d\x96 Commencing work to revise\n  in PCIE Audit and Inspection &                    OA\xe2\x80\x99s Policy and Procedures\n  Evaluation Committee meetings.                    Manual to address changes in\n                                                    the performance audit standards\n    \xe2\x9d\x96 Met with representatives of the\n                                                    and any process changes deemed\n  OIGs of the federal banking regulators\n                                                    necessary as a result of an internal\n  (Federal Reserve Board, Department\n                                                    assignment management review and\n  of the Treasury, National Credit\n                                                    the external peer review results.\n  Union Administration, Securities and\n  Exchange Commission, Farm Credit                    \xe2\x9d\x96 Began review of the Government\n  Administration, Commodity Futures                 Accountability Office (GAO)\n  Trading Commission, Federal Housing               2007 revision of Government\n  Finance Board) to discuss audit and               Auditing Standards and planned\n  investigative matters of mutual interest.         for training staff on the revisions.\n\n54 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cThe new standards will be effective            Enhance Strategic and\nfor engagements beginning on                   Annual Planning and\nor after January 1, 2008.                      Performance Measurement\n \xe2\x9d\x96 Held an entrance conference                  \xe2\x9d\x96 Met to kick off the fiscal year\nwith the Department of State OIG               2008/2009 business planning process.\non February 21, 2007. That office              The discussion included a look back\nwill conduct a peer review of our              at the fiscal year 2007 planning\naudit operations. Field work is                process to determine what worked\nexpected to begin in April.                    well and what could be improved.\n  \xe2\x9d\x96 In accordance with PCIE quality             \xe2\x9d\x96 Continued to assess and monitor\nstandards, we completed a peer                 changes in risk conditions that affect\nreview of the Department of Justice            OIG business practices, including\nOIG Office of Audit and issued a               coordinating Inspector General\nfinal report in February 2007.                 assurance to the Chairman on the\n  \xe2\x9d\x96 Completed an internal quality              adequacy of internal controls for\ncontrol review of OA assignments.              calendar year 2006 and updating\nOI completed internal reviews of the           OIG Management Control Plans and\nElectronic Crimes Unit, OIG\xe2\x80\x99s Hotline          Accountability Units for CY 2007.\nOperations, Special Inquiries and              Invest in Cost-Effective\nOversight, and the Eastern Region. OI          and Secure IT\ninternal reviews of Western Regional\n                                                 \xe2\x9d\x96 Determined that updating the\nOffices (Dallas and Chicago) are\n                                               IT Strategic Plan to guide OIG\nexpected to be completed by the end\n                                               business decisions, priorities, and\nof the fourth quarter of the fiscal year.\n                                               resource allocations for 2008-\n  \xe2\x9d\x96 Developed a project management             2010 would be an office-wide\ntracking and reporting process for             initiative. Members of the OIG IT\ninternal OIG projects. The milestone           Strategic Plan Working Group were\ndocuments for projects are updated             selected, and a meeting is planned\neach week and are used to track                in May to generate ideas, goals, and\nthe status and progress of the OIG\xe2\x80\x99s           expectations for the IT Strategic Plan.\ninternal improvement projects.\n                                                 \xe2\x9d\x96 Coordinated extensively with DIT\n                                               to install new dedicated servers for\n                                               OIG operations. OIG staff are in\n                                Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 55\n\x0c  the process of migrating the OIG\xe2\x80\x99s                tools will be evaluated and analyzed\n  systems to the OIG\xe2\x80\x99s new servers.                 according to OIG management\xe2\x80\x99s\n  STAR, Counsel Workflow, Bank Case,                information requirements to determine\n  Hotline, OIGNet, and the Training                 an optimal approach to meeting\n  System were moved during March.                   those requirements in a cost-effective\n  The remaining OIG systems and files               and timely manner. A particular\n  including, IDS and Dashboard are                  focus is on minimizing data entry,\n  scheduled to be moved in April.                   providing graphical representations of\n                                                    information, improving performance,\n   \xe2\x9d\x96 DIT formally began its Laptop\n                                                    and providing information across\n  Replacement Project in December\n                                                    OIG systems and applications.\n  2006. The OIG will be represented\n  on both the steering committee                      \xe2\x9d\x96 Implemented the Training System\n  and working group of participating                upgrade in December 2006. The\n  FDIC divisions and offices.                       upgrade improved and streamlined the\n                                                    process of requesting and approving\n   \xe2\x9d\x96 Continued to coordinate\n                                                    training for OIG professional,\n  with DIT to ensure the security\n                                                    supervisory, and administrative staff\n  of OIG information in the FDIC\n                                                    using the system. The upgrade also\n  computer network infrastructure.\n                                                    provides features and improvements\n   \xe2\x9d\x96 Attended a March 6, 2007                       that make the process of obtaining\n  FDIC-sponsored Gartner Group                      vendor discounts and monitoring\n  presentation on planning and                      continuing professional education\n  implementing Microsoft\xe2\x80\x99s new                      requirements more efficient.\n  Vista and Office 2007 software.\n                                                      \xe2\x9d\x96 Updated the OIG Strategic\n   \xe2\x9d\x96 Attended a March 2007                          Information Dashboard to incorporate\n  meeting focused on the FDIC\xe2\x80\x99s                     the OIG fiscal year 2007 Business\n  enterprise architecture vision.                   Plan strategic goals, performance\n    \xe2\x9d\x96 Took steps to identify and                    goals, and key efforts. We also\n  evaluate the options and requirements             updated the quantitative measures\n  needed to streamline, enhance, and                and targets section that reports out\n  improve the collection and reporting              on fiscal year 2007 performance\n  of information needed to manage                   targets as highlighted in the plan.\n  OIG audits and evaluations. Current\n  information systems and automated\n56 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                       Cumulative Results (2-year period)\n\n                         Nonmonetary Recommendations\n                         April 2005 - September 2005 39\n                         October 2005 - March 2006   34\n                         April 2006 - September 2006 48\n                         October 2006 - March 2007   35\n\n\n                       Products Issued and Investigations Closed\n                                                                                     40\nL E G E N D\n                                                                   37                35\n\xe2\x80\xa2   Apr 05 - Sept 05                                                         30\n                                                                                     30\n\xe2\x80\xa2   Oct 05 - Mar 06                                                                  25\n\xe2\x80\xa2   Apr 06 - Sept 06      23\n                                                                        21           20\n\xe2\x80\xa2   Oct 06 - Mar 07                                           18\n                                                                                     15\n                                        15\n                                 11            11                                    10\n                                                                                     5\n                                                                                     0\n\n                             Audits &                         Investigations\n                            Evaluations\n\n\n\n                       Questioned Costs/Funds Put to Better Use\n                       (in millions)\nL E G E N D                                                                          5\n                                        4.9\n\n\n\xe2\x80\xa2   Apr 05 - Sept 05                                                                 4\n\xe2\x80\xa2   Oct 05 - Mar 06\n\xe2\x80\xa2   Apr 06 - Sept 06                                                                 3\n\xe2\x80\xa2   Oct 06 - Mar 07\n                                                                                     2\n                          0.98\n                                                                                     1\n                                                      0   0\n                                                                                     0\n\n\n                       Fines, Restitution, and Monetary Recoveries\n                       Resulting from OIG Investigations\n                       (in millions)\n\n                                               75.6\n                                                                                     80\nL E G E N D\n                                                                                     60\n\xe2\x80\xa2   Apr 05 - Sept 05\n\xe2\x80\xa2   Oct 05 - Mar 06\n                                                                                     40\n\xe2\x80\xa2   Apr 06 - Sept 06                    27.2\n\xe2\x80\xa2   Oct 06 - Mar 07\n                                 12.8                                                20\n                          5.4\n\n                                                                                     0\n\n\n\n\n                                                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 57\n\x0c  Reporting\n  Requirements\n\n\n\n\n   Index of Reporting Requirements - Inspector General Act\n   of 1978, as amended\n   Reporting Requirements                                              Page\n   Section 4(a)(2): Review of legislation and regulations              59\n   Section 5(a)(1): Significant problems, abuses, and deficiencies     11-50\n   Section 5(a)(2): Recommendations with respect to                    11-50\n   significant problems, abuses, and deficiencies\n   Section 5(a)(3): Recommendations described in previous semiannual   60\n   reports on which corrective action has not been completed\n   Section 5(a)(4): Matters referred to prosecutive authorities        10\n   Section 5(a)(5) and 6(b)(2): Summary of instances                   64\n   where requested information was refused\n   Section 5(a)(6): Listing of audit reports                           62\n   Section 5(a)(7): Summary of particularly significant reports        11-50\n   Section 5(a)(8): Statistical table showing the total number of      63\n   audit reports and the total dollar value of questioned costs\n   Section 5(a)(9): Statistical table showing the total                64\n   number of audit reports and the total dollar value of\n   recommendations that funds be put to better use\n   Section 5(a)(10): Audit recommendations more than 6 months          64\n   old for which no management decision has been made\n   Section 5(a)(11): Significant revised management                    64\n   decisions during the current reporting period\n   Section 5(a)(12): Significant management                            64\n   decisions with which the OIG disagreed\n\n\n\n\n58 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c                                              Information\n                                              Required by the\n                                              Inspector General\n                                              Act of 1978, as\n                                              amended\n\n\n\n\nReview of Legislation and Regulations\n  The FDIC Office of Inspector General is tasked under the Inspector General Act\nof 1978 with reviewing existing and proposed legislation and regulations relating to\nprograms and operations of the Corporation and making recommendations in the\nsemiannual reports required by section 5(a) concerning the impact of such legislation\nor regulations on the economy and efficiency in the administration of programs\nand operations administered or financed by the Corporation or the prevention and\ndetection of fraud and abuse in its programs and operations. The Office of Counsel\nreviewed legislative developments regarding H.R. 985, Whistleblower Protection\nEnhancements Act of 2007; H.R. 1300, the Program for Real Energy Security Act\n(PROGRESS Act); S. 495, the Data Privacy and Security Act of 2007 and updates to\nthe Privacy Act. Additionally, Counsel\xe2\x80\x99s Office reviewed twelve FDIC directives related\nto reasonable accommodation, leave, community service, records management,\nSection 508 compliance, equal employment opportunity, worker\xe2\x80\x99s compensation,\nemergency preparedness, student educational employment program, and protecting\nsensitive information, and made comments on various aspects of these directives.\n\n\nTable I: Significant Recommendations From Previous Semiannual\nReports on Which Corrective Actions Have Not Been Completed\n  This table shows the corrective actions management has agreed to implement but\nhas not completed, along with associated monetary amounts. In some cases, these\ncorrective actions are different from the initial recommendations made in the audit\nreports. However, the OIG has agreed that the planned actions meet the intent of\nthe initial recommendations. The information in this table is based on (1) information\nsupplied by FDIC\xe2\x80\x99s Office of Enterprise Risk Management (OERM) and (2) the OIG\xe2\x80\x99s\ndetermination of closed recommendations for reports issued after March 31, 2002.\nThese 15 recommendations from 13 reports involve improvements in operations and\nprograms. OERM has categorized the status of these recommendations as follows:\nManagement Action in Process: (15 recommendations from 13 reports)\n  Management is in the process of implementing the corrective action plan, which\nmay include modifications to policies, procedures, systems, or controls; issues\ninvolving monetary collection; and settlement negotiations in process.\n\n                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 59\n\x0c   Table I: Significant Recommendations From Previous Semiannual\n   Reports on Which Corrective Actions Have Not Been Completed\n\n    Report Number,                           Significant                        Brief Summary of\n    Title & Date                             Recommendation                     Planned Corrective\n                                             Number                             Actions and Associated\n                                                                                Monetary Amounts\n    Management Action In Process\n    04-019                                   3                                  Align systems development with\n    Enhancements to the FDIC                                                    the FDIC\xe2\x80\x99s Enterprise Architecture,\n    System Development Life                                                     establish how funding will be\n    Cycle Methodology                                                           reviewed and provided in an\n    April 30, 2004                                                              iterative development environment,\n                                                                                and update cost-benefit analysis\n                                                                                during the life cycle of the system.\n    05-016                                   1l                                 Ensure that division and\n    Security Controls Over the                                                  office directors provide FDIC\n    FDIC\xe2\x80\x99s Electronic Mail                                                      employees and contractors with\n    (E-Mail) Infrastructure                                                     sufficiently detailed guidance\n    March 31, 2005                                                              to facilitate informed decisions\n                                                                                on when to encrypt sensitive\n                                                                                e-mail communications.\n    EVAL-06-005                              1                                  Develop and issue an overarching\n    FDIC Safeguards Over                                                        privacy policy for safeguarding\n    Personal Employee                                                           personal employee information.\n    Information\n    January 6, 2006\n    06-008                                   4u                                 Establish a schedule for periodically\n    Consideration of Safety and                                                 updating the assessment\n    Soundness Examination                                                       rate analysis and reassessing\n    Results and Other Relevant                                                  the basis point spreads and\n    Information in the FDIC\xe2\x80\x99s                                                   assessment rates, as needed.\n    Risk-Related Premium System\n    February 17, 2006\n    06-009                                   2*                                 Develop, in coordination with\n    FDIC\xe2\x80\x99s Guidance to                                                          the joint-agency rulemaking\n    Institutions and Examiners for                                              committee, a more aggressive\n    Implementing the Gramm-                                                     project management plan that\n    Leach-Bliley Act Title V and                                                will expedite the issuance of\n    Fair and Accurate Credit                                                    final rules and regulations for\n    Transactions (FACT) Act                                                     all FACT Act provisions.\n    February 24, 2006\n    06-011                                   2u                                 Review existing examiner, financial\n    Challenges and FDIC Efforts                                                 institution, and consumer\n    Related to Predatory Lending                                                guidance and determine whether\n    June 7, 2006                                                                additional guidance is needed\n                                                                                to address the risks associated\n                                                                                with predatory lending.\n     l Management has taken actions to address this recommendation. The OIG plans to assess the effectiveness of those\n       actions as part of the OIG's 2007 work under the Federal Information Security Management Act and will then\n       determine whether the recommendation can be closed.\n\n     u The OIG has received some information but has requested additional information to evaluate management\xe2\x80\x99s actions\n       in response to the recommendation.\n\n     * The OIG has not yet evaluated management\xe2\x80\x99s actions in response to the OIG recommendation.\n\n\n\n\n60 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cTable I: Significant Recommendations From Previous Semiannual\nReports on Which Corrective Actions Have Not Been Completed (cont.)\n\nReport Number,                           Significant                       Brief Summary of\nTitle & Date                             Recommendation                    Planned Corrective\n                                         Number                            Actions and Associated\n                                                                           Monetary Amounts\n06-013                                  2                                  Review the existing Corporate Bylaws\nFDIC Reserve Ratio and                                                     to ensure that those delegations\nAssessment Determinations                                                  reflect the Board members\xe2\x80\x99 intent and\nApril 17, 2006                                                             expectations with regard to the deposit\n                                                                           insurance fund reserve ratio and\n                                                                           assessment determination processes.\n                                        3                                  Work with FDIC management to\n                                                                           evaluate procedures and practices for\n                                                                           keeping Board members informed of\n                                                                           Corporation matters and activities.\n06-014                                  2                                  Develop and issue clarifying policy or\nFDIC\xe2\x80\x99s Industrial Loan                                                     guidance regarding the need for, and\nCompany Deposit Insurance                                                  importance of, conditions associated\nApplication Process                                                        with deposit insurance applications.\nJuly 20, 2006\n06-015                                  1n                                 Assess, in conjunction with the other\nFDIC\xe2\x80\x99s Oversight of                                                        federal banking agencies, regulatory\nTechnology Service Providers                                               and other options for establishing and\n(TSP)                                                                      maintaining a current, accurate, and\nJuly 20, 2006                                                              complete inventory of TSP information.\n06-017                                  1                                  Develop a DRR Records Management\nDRR\xe2\x80\x99s Protection of Bank                                                   Program that includes guidelines\nEmployee and Customer                                                      for the inventory, maintenance, use,\nPersonally Identifiable                                                    and control of hardcopy records\nInformation                                                                containing personally identifiable\nSeptember 15, 2006                                                         information from failed institutions.\n06-024                                  1                                  Strengthen guidance related to the\nDivision of Supervision                                                    monitoring and follow-up processes\nand Consumer Protection\xe2\x80\x99s                                                  for compliance violations by revising\nSupervisory Actions Taken for                                              the Compliance Examination\nCompliance Violations                                                      Procedures to require follow-up\nSeptember 29, 2006                                                         between examinations on repeat,\n                                                                           significant compliance violations\n                                                                           and program deficiencies.\n06-025                          1                                          Develop an enterprise-wide approach\nControls for Monitoring                                                    for monitoring user access privileges\nAccess to Sensitive Information                                            commensurate with the sensitivity of the\nProcessed by FDIC                                                          FDIC's informations systems and data.\nApplications\nSeptember 29, 2006\n                                        3                                  Develop a written plan that\n                                                                           defines a risk-based, enterprise-\n                                                                           wide approach to audit logging\n                                                                           and monitoring for the FDIC\xe2\x80\x99s\n                                                                           portfolio of information systems.\nEVAL-06-026                             13                                 Define requirements for the new\nFDIC\xe2\x80\x99s Contract                                                            automated procurement system,\nAdministration                                                             including to address the New\nSeptember 29, 2006                                                         Financial Environment shortcomings\n                                                                           identified in this report.\n n The OIG has not received information necessary to evaluate management\xe2\x80\x99s actions in response to the recommendation.\n\n\n\n                                            Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 61\n\x0c  Table II: Audit Reports Issued by Subject Area\n                      Audit Report                            Questioned Costs       Funds\n                                                                                     Put to\n        Number                                                                       Better\n                                      Title                  Total     Unsupported\n        and Date                                                                      Use\n   Supervision\n   07-001                FDIC\xe2\x80\x99s Supervision of\n   December 14, 2006     Financial Institutions\xe2\x80\x99 OFAC\n                         Compliance Programs\n   07-002                Division of Supervision\n   January 10, 2007      and Consumer Protection\xe2\x80\x99s\n                         Information Technology-Risk\n                         Management Program\n   07-007                Examination Assessment\n   March 30, 2007        of the Reliability of\n                         Appraisals and Sufficiency\n                         of Insurance Coverage\n                         for Real Estate Lending\n   Consumer Protection\n   07-005                Information Technology\n   February 5, 2007      Examination Coverage\n                         of Financial Institutions\xe2\x80\x99\n                         Oversight of Technology\n                         Service Providers\n   07-008                FDIC\xe2\x80\x99s Implementation of\n   March 30, 2007        the 2005 Amendments to\n                         the Community Reinvestment\n                         Act Regulations\n   Resources Management\n   07-003                FDIC\xe2\x80\x99s Compliance\n   January 10, 2007      with Section 522 of\n                         the Consolidated\n                         Appropriations Act, 2005\n   07-004                Interagency Agreement\n   January 10, 2007      with the General\n                         Services Administration\n                         for the Infrastructure\n                         Services Contract\n   07-006                Management Report:\n   March 28, 2007        Independent Evaluation\n                         of the FDIC\xe2\x80\x99s Information\n                         Security Program - 2006\n   07-009                FDIC\xe2\x80\x99s Contract Planning\n   March 30, 2007        and Management for\n                         Business Continuity\n   Totals for                                           $0             $0            $0\n   the Period\n\n62 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0cTable III: Evaluation Reports Issued\nNumber and Date                Title\nEVAL-07-001                    FDIC\xe2\x80\x99s Succession Planning Efforts\nMarch 28, 2007\nEM-07-001                      FDIC\xe2\x80\x99s Management Report Information Flow\nMarch 30, 2007\n\n\n\nTable IV: Audit Reports Issued with Questioned Costs\n                                                                         Questioned Costs\n                                                 Number\n                                                                    Total        Unsupported\nA. For which no management decision\n   has been made by the commencement               0                 0                0\n   of the reporting period.\nB. Which were issued during the\n                                                   0                 0                0\n   reporting period.\nSubtotals of A & B                                 0                $0                $0\nC. For which a management decision\n   was made during the reporting                   0                 0                0\n   period.\n   (i) dollar value of disallowed costs.           0                 0                0\n   (ii) dollar value of costs not\n                                                   0                 0                0\n        disallowed.\nD. For which no management decision\n   has been made by the end of the                 0                 0                0\n   reporting period.\n   Reports for which no management\n   decision was made within 6 months               0                 0                0\n   of issuance.\n\n\n\n\n                                    Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress 63\n\x0c  Table V: Audit Reports Issued with Recommendations for Better\n  Use of Funds\n                                                                Number   Dollar Value\n   A. For which no management decision has been made\n                                                                     0          0\n      by the commencement of the reporting period.\n   B. Which were issued during the reporting period.                 0          0\n   Subtotals of A & B                                                0       $0\n   C. For which a management decision was\n                                                                     0          0\n      made during the reporting period.\n      (i) dollar value of recommendations that\n                                                                     0          0\n          were agreed to by management.\n        - based on proposed management action.                       0          0\n        - based on proposed legislative action.                      0          0\n      (ii) dollar value of recommendations that\n                                                                     0          0\n           were not agreed to by management.\n   D. For which no management decision has been\n                                                                     0          0\n      made by the end of the reporting period.\n      Reports for which no management decision\n                                                                     0          0\n      was made within 6 months of issuance.\n\n\n\n  Table VI: Status of OIG Recommendations Without Management\n  Decisions\n   During this reporting period, there were no recommendations more than 6 months\n  old without management decisions.\n  Table VII: Significant Revised Management Decisions\n   During this reporting period, there were no significant revised management\n  decisions.\n  Table VIII: Significant Management Decisions with Which the\n  OIG Disagreed\n   During this reporting period, there were no significant management decisions\n  with which the OIG disagreed.\n  Table IX: Instances Where Information Was Refused\n   During this reporting period, there were no instances where information was\n  refused.\n\n64 Office of Inspector General \xe2\x80\x93 Semiannual Report to the Congress\n\x0c\x0c\x0c"